user@host> show log ike-test
…
Jun 13 10:36:52 ike_st_i_cr: Start
Jun 13 10:36:52 ike_st_i_cert: Start
Jun 13 10:36:52 ike_st_i_private: Start
Jun 13 10:36:52 ike_st_o_iD. Start
Jun 13 10:36:52 ike_st_o_hash: Start
Jun 13 10:36:52 ike_find_pre_shared_key: Find pre shared key key for 172.168.100.2:500, id =
ipv4(udp:500,[0..3]=172.168.100.2) -> 192.168.101.2:500, id = No Id
Jun 13 10:36:52 ike_policy_reply_find_pre_shared_key: Start
Jun 13 10:36:52 ike_calc_maC. Start, initiator = true, local = true
Jun 13 10:36:52 ike_st_o_status_n: Start
Jun 13 10:36:52 ike_st_o_private: Start
Jun 13 10:36:52 ike_policy_reply_private_payload_out: Start
Jun 13 10:36:52 ike_st_o_encrypt: Marking encryption for packet
Jun 13 10:36:52 ike_encode_packet: Start, SA = { 0x86b8160b 93a10c7c – c6c3a771 f0475656 } /
00000000, nego = -1
Jun 13 10:36:52 ike_send_packet: Start, send SA = { 86b8160b 93a10c7c – c6c3a771 f0475656},
nego = -1, src = 172.168.100.2:500, dst = 192.168.101.2:500, routing table id = 0
Jun 13 10:36:52 ike_get_s
A.
Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 } / 4cb03305,
remote = 192.168.101.2:500
Jun 13 10:36:52 ike_sa_finD. Found SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 }
Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656}
Jun 13 10:36:52 ike_decode_packet: Start
Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656} /
4cb03305, nego = 0
Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16]
= 86b8160b 93a10c7c …, data[0..113] = 800c0001 80030081 …
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notification data has attribute list
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notify message version = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload type = 129
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload data offset = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Error text = Incorrect pre-shared key (Reserved not 0)
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending message id = 0x00000000
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Received notify err = Payload malformed (16) to
isakmp sa, delete it
…
Jun 13 10:37:07 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:07 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:07 ike_retransmit_callback: Start, retransmit SA = { 17ef27d0 508bc5db – 00000000
00000000}, nego = -1
Jun 13 10:37:07 ike_send_packet: Start, retransmit previous packet SA = { 17ef27d0 508bc5db –
00000000 00000000}, nego = -1, src = 172.168.100.2:500, dst = 192.168.103.3:500, routing table
id = 0
…
Jun 13 10:37:17 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:17 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:19 ike_get_sA. Start, SA = { 4326380f a67dbcf3 – 00000000 00000000 } / 00000000,
remote = 192.168.103.2:500
Jun 13 10:37:19 ike_sa_allocate: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d }
Jun 13 10:37:19 ike_init_isakmp_sA. Start, remote = 192.168.103.2:500, initiator = 0
Jun 13 10:37:19 ike_decode_packet: Start
Jun 13 10:37:19 ike_decode_packet: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d} /
00000000, nego = -1
Jun 13 10:37:19 ike_decode_payload_sA. Start
Jun 13 10:37:19 ike_decode_payload_t: Start, # trans = 2
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = afcad713 68a1f1c9 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..28] = 69936922 8741c6d4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 27bab5dc 01ea0760 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 6105c422 e76847e4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 4485152d 18b6bbcd …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = cd604643 35df21f8 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 90cb8091 3ebb696e …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 7d9419a6 5310ca6f …
Jun 13 10:37:19 ike_st_i_sa_proposal: Start
Jun 13 10:37:19 ike_isakmp_sa_reply: Start
Jun 13 10:37:19 ike_st_i_cr: Start
Jun 13 10:37:19 ike_st_i_cert: Start
Jun 13 10:37:19 ike_st_i_private: Start
Jun 13 10:37:19 ike_st_o_sa_values: Start
Jun 13 10:37:19 172.168.100.2:500 (Responder) -> 192.168.103.2:500 { 4326380f a67dbcf3 –
a8307123 9c0e1f9d [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 10:37:19 ike_alloc_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d}
Jun 13 10:37:19 ike_encode_packet: Start, SA = { 0x4326380f a67dbcf3 – a8307123 9c0e1f9d } /
1a8c665d, nego = 0
Jun 13 10:37:19 ike_send_packet: Start, send SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d},
nego = 0, src = 172.168.100.2:500, dst = 192.168.103.2:500, routing table id = 0
Jun 13 10:37:19 ike_delete_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d},
nego = 0
You are asked to set up an IPsec tunnel to the destination 192.168.103.2. After applying the
configuration, you notice in the show security ike security-associations output that the destination
stays in a down state. What is causing the problem?
The preshared key is incorrect.
A.
Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 } / 4cb03305,
remote = 192.168.101.2:500
Jun 13 10:36:52 ike_sa_finD. Found SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 }
Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656}
Jun 13 10:36:52 ike_decode_packet: Start
Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656} /
4cb03305, nego = 0
Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16]
= 86b8160b 93a10c7c …, data[0..113] = 800c0001 80030081 …
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notification data has attribute list
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notify message version = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload type = 129
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload data offset = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Error text = Incorrect pre-shared key (Reserved not 0)
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending message id = 0x00000000
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c –
c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Received notify err = Payload malformed (16) to
isakmp sa, delete it
…
Jun 13 10:37:07 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:07 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:07 ike_retransmit_callback: Start, retransmit SA = { 17ef27d0 508bc5db – 00000000
00000000}, nego = -1
Jun 13 10:37:07 ike_send_packet: Start, retransmit previous packet SA = { 17ef27d0 508bc5db –
00000000 00000000}, nego = -1, src = 172.168.100.2:500, dst = 192.168.103.3:500, routing table
id = 0
…
Jun 13 10:37:17 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:17 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:19 ike_get_sA. Start, SA = { 4326380f a67dbcf3 – 00000000 00000000 } / 00000000,
remote = 192.168.103.2:500
Jun 13 10:37:19 ike_sa_allocate: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d }
Jun 13 10:37:19 ike_init_isakmp_sA. Start, remote = 192.168.103.2:500, initiator = 0
Jun 13 10:37:19 ike_decode_packet: Start
Jun 13 10:37:19 ike_decode_packet: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d} /
00000000, nego = -1
Jun 13 10:37:19 ike_decode_payload_sA. Start
Jun 13 10:37:19 ike_decode_payload_t: Start, # trans = 2
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = afcad713 68a1f1c9 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..28] = 69936922 8741c6d4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 27bab5dc 01ea0760 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 6105c422 e76847e4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 4485152d 18b6bbcd …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = cd604643 35df21f8 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 90cb8091 3ebb696e …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 7d9419a6 5310ca6f …
Jun 13 10:37:19 ike_st_i_sa_proposal: Start
Jun 13 10:37:19 ike_isakmp_sa_reply: Start
Jun 13 10:37:19 ike_st_i_cr: Start
Jun 13 10:37:19 ike_st_i_cert: Start
Jun 13 10:37:19 ike_st_i_private: Start
Jun 13 10:37:19 ike_st_o_sa_values: Start
Jun 13 10:37:19 172.168.100.2:500 (Responder) -> 192.168.103.2:500 { 4326380f a67dbcf3 –
a8307123 9c0e1f9d [-1] / 0x00000000 } IP; Error = No proposal chosen (14)
Jun 13 10:37:19 ike_alloc_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d}
Jun 13 10:37:19 ike_encode_packet: Start, SA = { 0x4326380f a67dbcf3 – a8307123 9c0e1f9d } /
1a8c665d, nego = 0
Jun 13 10:37:19 ike_send_packet: Start, send SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d},
nego = 0, src = 172.168.100.2:500, dst = 192.168.103.2:500, routing table id = 0
Jun 13 10:37:19 ike_delete_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d},
nego = 0
You are asked to set up an IPsec tunnel to the destination 192.168.103.2. After applying the
configuration, you notice in the show security ike security-associations output that the destination
stays in a down state. What is causing the problem?
The preshared key is incorrect.
B.
The proposal does not match.
C.
The gateway is incorrect.
D.
The IKE policy does not match.