带有NAT的PIX实现IPSec VPN连接(4)

　　ISAKMP : Checking IPSec proposal 1

　　ISAKMP: transform 1, ESP_DES

　　ISAKMP: attributes in transform:

　　ISAKMP: encaps is 1

　　ISAKMP: SA life type in seconds

　　ISAKMP: SA life duration (basic) of 28800

　　ISAKMP: SA life type in kilobytes

　　ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

　　ISAKMP: authenticator is HMAC-MD5

　　ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,

　　(key eng. msg.) dest= 203.1.1.1, src= 204.1.1.1,

　　dest_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

　　src_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

　　protocol= ESP, transform= esp-des esp-md5-hmac ,

　　lifedur= 0s and 0kb,

　　spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

　　ISAKMP (0): processing NONCE payload. message ID = 1223411072

　　ISAKMP (0): processing ID payload. message ID = 1223411072

　　ISAKMP (0): ID_IPV4_ADDR_SUBNET src 10.2.2.0/255.255.255.0 prot 0 port 0

　　ISAKMP (0): processing ID payload. message ID = 1223411072

　　ISAKMP (0): ID_IPV4_ADDR_SUBNET dst 10.1.1.0/255.255.255.0 prot 0 port

　　0IPSEC(key_engine): got a queue event...

　　IPSEC(spi_response): getting spi 0xd0e27cb6(3504503990) for SA from 204.1.1.1

　　to 203.1.1.1 for prot 3

　　return status is IKMP_NO_ERROR

　　crypto_isakmp_process_block: src 204.1.1.1, dest 203.1.1.1

　　OAK_QM exchange

　　oakley_process_quick_mode:

　　OAK_QM_AUTH_AWAIT

　　ISAKMP (0): Creating IPSec SAs

　　inbound SA from 204.1.1.1 to 203.1.1.1 proxy 10.2.2.0 to 10.1.1.0)

　　has spi 3504503990 and conn_id 4 and flags 4

　　lifetime of 28800 seconds

　　lifetime of 4608000 kilobytes

　　outbound SA from 203.1.1.1 to 204.1.1.1(proxy 10.1.1.0 to 10.2.2.0)

　　has spi 2729504033 and conn_id 3 and flags 4

　　lifetime of 28800 seconds

　　lifetime of 4608000 kilobytesIPSEC(key_engine): got a queue event...

　　IPSEC(initialize_sas): ,

　　(key eng. msg.) dest= 203.1.1.1, src= 204.1.1.1,

　　dest_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

　　src_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

　　protocol= ESP, transform= esp-des esp-md5-hmac ,

　　lifedur= 28800s and 4608000kb,

　　spi= 0xd0e27cb6(3504503990), conn_id= 4, keysize= 0, flags= 0x4

　　IPSEC(initialize_sas): ,

　　(key eng. msg.) src= 203.1.1.1, dest= 204.1.1.1,

　　src_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

　　dest_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

　　protocol= ESP, transform= esp-des esp-md5-hmac ,

　　lifedur= 28800s and 4608000kb,

　　spi= 0xa2b0ed21(2729504033), conn_id= 3, keysize= 0, flags= 0x4

　　return status is IKMP_NO_ERROR

　　远程PIX调试

　　ISAKMP (0): beginning Main Mode exchange

　　crypto_isakmp_process_block: src 203.1.1.1, dest 204.1.1.1

　　OAK_MM exchange

　　ISAKMP (0): processing SA payload. message ID = 0

　　ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy

　　ISAKMP: encryption DES-CBC

　　ISAKMP: hash MD5

　　ISAKMP: default group 1

　　ISAKMP: auth pre-share

　　ISAKMP: life type in seconds

　　ISAKMP: life duration (basic) of 1000

　　ISAKMP (0): atts are acceptable. Next payload is 0

　　ISAKMP (0): SA is doing pre-shared key authentication using id type ID_FQDN

　　return status is IKMP_NO_ERROR

　　crypto_isakmp_process_block: src 203.1.1.1, dest 204.1.1.1

　　OAK_MM exchange

　　ISAKMP (0): processing KE payload. message ID = 0

　　ISAKMP (0): processing NONCE payload. message ID = 0

　　ISAKMP (0): processing vendor id payload

　　ISAKMP (0): speaking to another IOS box!

　　ISAKMP (0): ID payload

　　next-payload : 8

　　type : 2

　　protocol : 17

　　port : 500

　　length : 18

　　ISAKMP (0): Total payload length: 22

　　return status is IKMP_NO_ERROR

　　crypto_isakmp_process_block: src 203.1.1.1, dest 204.1.1.1

　　OAK_MM exchange

　　ISAKMP (0): processing ID payload. message ID = 0

　　ISAKMP (0): processing HASH payload. message ID = 0

　　ISAKMP (0): SA has been authenticated

　　ISAKMP (0): beginning Quick Mode exchange, M-ID of

　　1223411072:48ebc580IPSEC(key_engine):got a queue event...

　　IPSEC(spi_response): getting spi 0xa2b0ed21(2729504033) for SA

　　from 203.1.1.1 to 204.1.1.1 for prot 3

　　return status is IKMP_NO_ERROR

　　crypto_isakmp_process_block: src 203.1.1.1, dest 204.1.1.1

　　OAK_QM exchange

　　oakley_process_quick_mode:

　　OAK_QM_IDLE

　　ISAKMP (0): processing SA payload. message ID = 1223411072

　　ISAKMP : Checking IPSec proposal 1

　　ISAKMP: transform 1, ESP_DES

　　ISAKMP: attributes in transform:

　　ISAKMP: encaps is 1

　　ISAKMP: SA life type in seconds

　　ISAKMP: SA life duration (basic) of 28800

　　ISAKMP: SA life type in kilobytes

　　ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0

　　ISAKMP: authenticator is HMAC-MD5

　　ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,

　　(key eng. msg.) dest= 203.1.1.1, src= 204.1.1.1,

　　dest_proxy= 10.1.1.0/255.255.255.0/0/0 (type=4),

　　src_proxy= 10.2.2.0/255.255.255.0/0/0 (type=4),

　　protocol= ESP, transform= esp-des esp-md5-hmac ,

　　lifedur= 0s and 0kb,

　　spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4

　　ISAKMP (0): processing NONCE payload. message ID = 1223411072

　　ISAKMP (0): processing ID payload. message ID = 1223411072

　　ISAKMP (0): processing ID payload. message ID = 1223411072

　　ISAKMP (0): Creating IPSec SAs

　　inbound SA from 203.1.1.1 to 204.1.1.1 (proxy 10.1.1.0 to 10.2.2.0)

　　has spi 2729504033 and conn_id 4 and flags 4

　　lifetime of 28800 seconds