Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

Re: Replacing a SSG5 with SRX100H2 in branch office

May 22, 2016, 1:14 pm
$
0
0

I started a kmd-log

May 22 13:10:46  Dallas_SRX kmd[1454]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: Colo_VPN Gateway: gw_Colo_VPN, Local: 2.2.2.2/500, Remote: 1.1.1.1/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0
May 22 13:11:16  Dallas_SRX kmd[1454]: IKE negotiation failed with error: SA unusable. IKE Version: 1, VPN: Colo_VPN Gateway: gw_Colo_VPN, Local: 2.2.2.2/500, Remote: 1.1.1.1/500, Local IKE-ID: Not-Available, Remote IKE-ID: Not-Available, VR-ID: 0

And a packet capture on the SRX External interface

Address resolution is ON. Use  to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on fe-0/0/0, capture size 1514 bytes
15:00:06.108173  In IP (tos 0x0, ttl  50, id 31872, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:07.854810 Out IP (tos 0x0, ttl 255, id 32391, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 642, length 64
15:00:07.993840 Out IP (tos 0xc0, ttl  64, id 32392, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident[E]: [|id]
15:00:10.109892  In IP (tos 0x0, ttl  50, id 32056, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:14.109431  In IP (tos 0x0, ttl  50, id 32237, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:17.857708 Out IP (tos 0x0, ttl 255, id 32437, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 643, length 64
15:00:17.995497 Out IP (tos 0xc0, ttl  64, id 32438, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident[E]: [|id]
15:00:18.108741  In IP (tos 0x0, ttl  50, id 32487, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:22.105781  In IP (tos 0x0, ttl  50, id 32700, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:26.107536  In IP (tos 0x0, ttl  50, id 32969, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:27.865084 Out IP (tos 0x0, ttl 255, id 32485, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 644, length 64
15:00:27.886401 Out IP (tos 0xc0, ttl  64, id 32486, offset 0, flags [none], proto: UDP (17), length: 172) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1 spi=179df9c6f7121a19
            (t: #0 id=ike (type=enc value=3des)(type=group desc value=modp1024)(type=hash value=sha1)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)(type=auth value=preshared))))
    (vid: len=16)
    (vid: len=28)
15:00:27.922762  In IP (tos 0x0, ttl  50, id 33091, offset 0, flags [none], proto: UDP (17), length: 184) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=7080))))
    (vid: len=28)
    (vid: len=16)
    (vid: len=20)
15:00:27.942793 Out IP (tos 0xc0, ttl  64, id 32487, offset 0, flags [none], proto: UDP (17), length: 208) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (ke: key len=128)
    (nonce: n len=16)
15:00:27.997358  In IP (tos 0x0, ttl  50, id 33099, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:28.016066 Out IP (tos 0xc0, ttl  64, id 32488, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id]
15:00:28.051935  In IP (tos 0x0, ttl  50, id 33105, offset 0, flags [none], proto: UDP (17), length: 120) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid c4cfee21: phase 2/others R inf[E]: [|hash]
15:00:30.106134  In IP (tos 0x0, ttl  50, id 33230, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:32.105819  In IP (tos 0x0, ttl  50, id 33331, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:34.129665  In IP (tos 0x0, ttl  50, id 33465, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:36.109492  In IP (tos 0x0, ttl  50, id 33559, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:37.867652 Out IP (tos 0x0, ttl 255, id 32562, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 645, length 64
15:00:38.018599 Out IP (tos 0xc0, ttl  64, id 32563, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id]
15:00:38.105998  In IP (tos 0x0, ttl  50, id 33618, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:40.107690  In IP (tos 0x0, ttl  50, id 33718, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:42.105837  In IP (tos 0x0, ttl  50, id 33797, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 ? ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:44.109073  In IP (tos 0x0, ttl  50, id 33869, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:47.870446 Out IP (tos 0x0, ttl 255, id 32613, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 646, length 64
15:00:48.021873 Out IP (tos 0xc0, ttl  64, id 32614, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id]
15:00:48.105590  In IP (tos 0x0, ttl  50, id 34023, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:52.105218  In IP (tos 0x0, ttl  50, id 34167, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:56.106703  In IP (tos 0x0, ttl  50, id 34294, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:00:57.873274 Out IP (tos 0x0, ttl 255, id 32664, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 647, length 64
15:01:00.104920  In IP (tos 0x0, ttl  50, id 34434, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:04.104463  In IP (tos 0x0, ttl  50, id 34508, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:07.882483 Out IP (tos 0x0, ttl 255, id 32724, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 648, length 64
15:01:07.895173 Out IP (tos 0xc0, ttl  64, id 32725, offset 0, flags [none], proto: UDP (17), length: 172) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1 spi=14c93282cc9e3ee3
            (t: #0 id=ike (type=enc value=3des)(type=group desc value=modp1024)(type=hash value=sha1)(type=lifetype value=sec)(type=lifeduration len=4 value=00007080)(type=auth value=preshared))))
    (vid: len=16)
    (vid: len=28)
15:01:07.931718  In IP (tos 0x0, ttl  50, id 34616, offset 0, flags [none], proto: UDP (17), length: 184) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (sa: doi=ipsec situation=identity
        (p: #1 protoid=isakmp transform=1
            (t: #1 id=ike (type=enc value=3des)(type=hash value=sha1)(type=group desc value=modp1024)(type=auth value=preshared)(type=lifetype value=sec)(type=lifeduration value=7080))))
    (vid: len=28)
    (vid: len=16)
    (vid: len=20)
15:01:07.952982 Out IP (tos 0xc0, ttl  64, id 32726, offset 0, flags [none], proto: UDP (17), length: 208) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident:
    (ke: key len=128)
    (nonce: n len=16)
15:01:08.004140  In IP (tos 0x0, ttl  50, id 34617, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:08.023412 Out IP (tos 0xc0, ttl  64, id 32727, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id]
15:01:08.058352  In IP (tos 0x0, ttl  50, id 34618, offset 0, flags [none], proto: UDP (17), length: 120) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 3fa03277: phase 2/others R inf[E]: [|hash]
15:01:08.105163  In IP (tos 0x0, ttl  50, id 34619, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:12.105671  In IP (tos 0x0, ttl  50, id 34773, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:12.106491  In IP (tos 0x0, ttl  50, id 34774, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:16.105447  In IP (tos 0x0, ttl  50, id 35147, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:17.885591 Out IP (tos 0x0, ttl 255, id 32802, offset 0, flags [none], proto: ICMP (1), length: 84) rrcs-2-2-2-2.sw.biz.rr.com > 1.1.1.1.hosting.com: ICMP echo request, id 1454, seq 649, length 64
15:01:18.025682 Out IP (tos 0xc0, ttl  64, id 32803, offset 0, flags [none], proto: UDP (17), length: 120) rrcs-2-2-2-2.sw.biz.rr.com.isakmp > 1.1.1.1.hosting.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 I ident[E]: [|id]
15:01:20.103208  In IP (tos 0x0, ttl  50, id 35544, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)
15:01:24.105661  In IP (tos 0x0, ttl  50, id 35831, offset 0, flags [none], proto: UDP (17), length: 224) 1.1.1.1.hosting.com.isakmp > rrcs-2-2-2-2.sw.biz.rr.com.isakmp: isakmp 1.0 msgid 00000000: phase 1 R ident:
    (ke: key len=128)
    (nonce: n len=32)

 

Search
Viewing all articles
Browse latest Browse all 17645

Trending Articles

Scuffham Amps - S-GEAR 2.6.0 VST, AAX, STANDALONE x86 x64 (R2R NO iLok2, +NO...

November 19, 2017, 7:24 am

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

VHSE First (1st) Allotment 2025 - vhscap.kerala.gov.in

May 24, 2025, 11:58 pm

UNIVERSE LEAGUE – UNIVERSE LEAGUE – WAR (We Are Ready) – EP [iTunes Plus M4A]

January 26, 2025, 11:12 am

City Hunter Teledrama – Episode 18 – 07th May 2016

May 6, 2016, 2:05 pm

Comment on Proposed Criteria for Identifying Predatory Conferences by Luke...

July 4, 2016, 3:53 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

Kendrick Lamar – Not Like Us (2024) [24Bit-88.2kHz] [PMEDIA] ⭐️

May 14, 2024, 7:14 pm

Inception 2010 Hindi Dual Audio 650MB BRRip 720p ESubs HEVC

December 27, 2016, 4:23 pm

East Hull MD admits sexual assaults after another victim comes forward

January 14, 2013, 12:20 am

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

R. v. Sargeant, 2023 ONSC 6406 (CanLII)

November 13, 2023, 9:00 pm

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

Who’s been sentenced at Northampton Magistrates’ Court

March 30, 2019, 10:00 pm

मतलबी दोस्त स्टेट्स | Matlabi Dost Status in Hindi – Selfish Friends Status

February 13, 2020, 3:12 am

Family cries out as traditional ruler allegedly abducts brother, extorts N2.5m

September 15, 2024, 1:15 am

Long-Running Conflict In Springfield (MA) Gangland Sphere Has Manzi Family &...

December 26, 2017, 3:59 pm

Wondershare Filmora X v10.1.20.16 x64

February 8, 2021, 5:34 am

Man arrested after fracas in flat

January 16, 2017, 10:10 pm

Man charged in ongoing Sexual Assault Investigation Derek Nyilas, 46, Faces...

May 27, 2019, 8:00 am
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>