(CONCORD-MASTER) (config) # show log security 100 | include ike
Feb 21 15:28:35 :103063:  <DBUG> |ike|   xlp_rcv_response: Nothing to be read from cryptolib fd
Feb 21 15:28:35 :103063:  <DBUG> |ike|   ike_phase_1_post_exchange_KE_NONCE: already called before, ignoring this call
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_1_recv_ID_AUTH for peer:24.60.50.9
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_1.c:ike_phase_1_recv_ID:2190 received IKE ID Type 11 exchange:24.60.50.9
Feb 21 15:28:36 :103015:  <INFO> |ike|  IKE Main Mode Phase 1 succeeded for peer 24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: isarubaCampusAp 0 or isarubaAP 1 phase 1 id_i_len 21 ike_auth 65001
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: calling mac_hash_tbl entry id_i 00:0B:86:F6:7B:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: adding mac hash table entry for user 00:0B:86:F6:7B:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: Cookies : Initiator cookie:aacb810848cd3cfd Responder cookie:85342b613b0b7eb6
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: converted mac : 0:b:86:f6:7b:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: found an existing mac entry
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: deleting old sas
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: added sa entry to an existing mac entry
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: received INITIAL-CONTACT
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: isarubaCampusAp 0 or isarubaAP 1 phase 1 id_i_len 21 ike_auth 65001
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: calling mac_hash_tbl entry id_i 00:0B:86:F6:7B:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: adding mac hash table entry for user 00:0B:86:F6:7B:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: Cookies : Initiator cookie:aacb810848cd3cfd Responder cookie:85342b613b0b7eb6
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: converted mac : 0:b:86:f6:7b:76
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: found an existing mac entry
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> mac_hash_tbl_entry_add: deleting old sas
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ikev1_same_sa: cookies are the same
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_handle_leftover_payload: received INITIAL-CONTACT
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_1_send_ID 24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_auth_hash
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_1_send_AUTH
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> responder_send_ID_AUTH pskCount 0, newPsk 0
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_main_mode.c:responder_send_ID_AUTH:256  Updated Phase1 port 50322->50322
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_main_mode.c:responder_send_ID_AUTH:276  finished
Feb 21 15:28:36 :103060:  <DBUG> |ike|   sa.c:sa_setup_arubaap_expirations:2446 Setting short IKE SA for our AP external IP 24.60.50.9 until 2nd IPSEC rekey
Feb 21 15:28:36 :103063:  <DBUG> |ike|   xauth_responder_send_userreq peer:24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> xauth_responder_recv_userrep peer:24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> length of attribute is 38
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> new length of attribute is 38
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> got username=u_1487691308511
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> got password=******
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> got user=u_1487691308511, pass=******
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ipc.c:ipc_auth_xauth:4262 ipc_auth_xauth user=u_1487691308511, pass=******
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_auth_xauth exch:7f6224 exip:0 extype:6 cookie:1491297388
Feb 21 15:28:36 :103063:  <DBUG> |ike|   ipc_auth_recv_packet cookie:1491297388 innerip 0
Feb 21 15:28:36 :103063:  <DBUG> |ike|   *** ipc_auth_recv_packet user=u_1487691308511, pass=******, result=0   exch:7f6224, exch-innerip:0 l2tp_pool:default-l2tp-pool
Feb 21 15:28:36 :103063:  <DBUG> |ike|   ipc_auth_recv_packet Inner-ip 10.9.0.1 from L2TP pool default-l2tp-pool, DNS1:a000232, DNS2:0, WINS1:0, WINS2:0
Feb 21 15:28:36 :103063:  <DBUG> |ike|   ipc_auth_recv_packet innerip:10.9.0.1 user-pool:default-l2tp-pool
Feb 21 15:28:36 :103063:  <DBUG> |ike|   ipc_auth_recv_packet sa src=0x0a000514, dst=0x183c3209
Feb 21 15:28:36 :103063:  <DBUG> |ike|   ipc_auth_recv_packet calling client_auth_ip_up for InnerIP a090001
Feb 21 15:28:36 :103047:  <INFO> |ike|  IKE XAuth succeeded for 10.9.0.1 (External 24.60.50.9) for ap-role
Feb 21 15:28:36 :103063:  <DBUG> |ike|   xauth_responder_send_statusset peer:24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> xauth_responder_recv_statusack peer:24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> exchange_update_iv: udpating exch 0x7f6224 from 0x4c5b937c to 0x4b4183e7
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> xauth_responder_recv_ipreq peer:24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> length of attribute is 8
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> xauth_responder_send_iprep peer:24.60.50.9 innerip:10.9.0.1
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> xauth_responder_send_iprep: Sending Aruba LMS IP a000514
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> sa.c:ike_sa_setup_ph2complete_timer:3372 SA 0x7c2c34 ph2-completion timeout in 30 seconds
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_2_validate_prop_for_client sa is valid  sa-phase 2 isakmpd_sa is valid isakmpd_sa phase 1
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_quick_mode.c:ike_phase_2_validate_prop_for_client:3287 Skipping crypto map default-rap-ipsecmap
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_quick_mode.c:ike_phase_2_validate_prop_for_client:3287 Skipping crypto map default-ikev2-dynamicmap
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_quick_mode.c:ike_phase_2_validate_prop_for_client:3291 Trying crypto map default-dynamicmap
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> attribute_p2_unacceptable: save_type = 1
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> attribute_p2_unacceptable: no lifetime is configured in the map lifetime_units 1
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ike_phase_2_validate_prop_for_client setting lifetime_units 1 in isakmpd sa curr_map default-dynamicmap
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ike_quick_mode.c:responder_recv_HASH_SA_NONCE:2712 message negotiation succeeded
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_decode_transform: transform 1 chosen
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_decode_attribute:  lifetype 1 sa->lifetime_units = 1
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_decode_transform: SUCCESS
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_spi_hash_tbl_entry_add: adding IPSEC spi 0x40484100 to SPI hash table
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_spi_hash_tbl_entry_add: successfully added IPSEC spi 0x40484100 to SPI hash table
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> post_quick_mode keymat:0 len:52
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> post_quick_mode keymat:1 len:52
Feb 21 15:28:36 :103022:  <INFO> |ike|  IKE Quick Mode succeeded for peer 24.60.50.9
Feb 21 15:28:36 :103033:  <INFO> |ike|  IKE Quick Mode succeeded internal 10.9.0.1, external 24.60.50.9
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_finalize_exchange: src_net 0.0.0.0 src_mask 0.0.0.0 dst_net 10.9.0.1 dst_mask 255.255.255.255 tproto 0 sport 0 dport 0
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> pf_key_v2_enable_sa rekeying 0 saxauthip 0 isainnerip 0
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> pf_key_v2_enable_sa saxauthip 0.0.0.0
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> pf_key_v2_enable_sa isainnerip 10.9.0.1
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipsec_sa 0x7eece4, proto 0x79a7ec
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_setup_ipsec_dp_sa add=1, out=1, sa=0x7f284c, proto=0x79a7ec
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_setup_ipsec_dp_sa sa src=0x0a000514, dst=0x183c3209
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ipc.c:ipc_print_dp_packet:3766 DP: :TUNNEL::SA_ADD::L2TP: OFF::outgoing::ESP::AES256::Auth = SHA1:, SPI 4DCF4000, esrc A000514, edst_ip 183C3209, dst_ip A090001, natt 1, natt_dport 50322, l2tp_tunid 0, l2tp_sessid 0, l2tp_hello 0
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ipc.c:ipc_modify_sb_data:3145 IPSEC  dst_ip=10.9.0.1, dst_mask 0.0.0.0 inner_ip 10.9.0.1 client:yestrusted:no, Master-Local:no
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322->  Added the outgoing IPSEC SA --- DONE  !!
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_setup_ipsec_dp_sa add=1, out=0, sa=0x7f284c, proto=0x79a7ec
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_setup_ipsec_dp_sa sa src=0x0a000514, dst=0x183c3209
Feb 21 15:28:36 :103060:  <DBUG> |ike|  24.60.50.9:50322-> ipc.c:ipc_print_dp_packet:3766 DP: :TUNNEL::SA_ADD::L2TP: OFF::incoming::ESP::AES256::Auth = SHA1:, SPI 40484100, esrc 183C3209, edst_ip A000514, dst_ip A090001, natt 1, natt_dport 50322, l2tp_tunid 0, l2tp_sessid 0, l2tp_hello 0
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322->  Added the incoming IPSEC SA --- DONE  !!
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ipc_ike_recv_packet: RAP increment session-count 4
Feb 21 15:28:36 :103063:  <DBUG> |ike|  24.60.50.9:50322-> ->Delete DOI_MIN Exchange ic aacb810848cd3cfd rc 85342b613b0b7eb6
Feb 21 15:28:55 :103063:  <DBUG> |ike|   ->Delete ID_PROT Exchange ic aacb810848cd3cfd rc 85342b613b0b7eb6
Feb 21 15:28:55 :103063:  <DBUG> |ike|   modp_free entered
Feb 21 15:28:56 :103063:  <DBUG> |ike|   ->Delete TRANSACTION Exchange ic aacb810848cd3cfd rc 85342b613b0b7eb6
Feb 21 15:29:32 :103060:  <DBUG> |ike|   ipc.c:ipc_rcvcb:2185 Auth ip down message.  ip=10.9.0.1
Feb 21 15:29:32 :103063:  <DBUG> |ike|   sa_free: 10.9.0.1 not found in InnerIPHashTable
Feb 21 15:29:32 :103102:  <INFO> |ike|  IKE SA deleted for peer 24.60.50.9
Feb 21 15:29:32 :103063:  <DBUG> |ike|   sa_release-> SA ph:1 ref:0 flags:10583 ic aacb810848cd3cfd rc 85342b613b0b7eb6
Feb 21 15:29:32 :103063:  <DBUG> |ike|   sa_release: sa->isarubaAP 1 isarubaCampusAP 0 sa->id_i_len 21
Feb 21 15:29:32 :103063:  <DBUG> |ike|   sa_release: calling mac_hash_tbl_delete_sa_entry id_i 00:0B:86:F6:7B:76
Feb 21 15:29:32 :103063:  <DBUG> |ike|   mac_hash_tbl_delete_sa_entry: deleting for mac 00:0B:86:F6:7B:76
Feb 21 15:29:32 :103063:  <DBUG> |ike|   ikev1_same_sa: cookies are the same
Feb 21 15:29:32 :103069:  <INFO> |ike|  IKE received AP DOWN for 10.9.0.1 (External 24.60.50.9)