Target : 00:0b:86:8f:4f:58 show vpn status profile name:default -------------------------------------------------- current using tunnel :primary tunnel ipsec is preempt status :disable ipsec is fast failover status :disable ipsec hold on period :600 ipsec tunnel monitor frequency (seconds/packet) :5 ipsec tunnel monitor timeout by lost packet cnt :2 ipsec primary tunnel crypto type :Cert ipsec primary tunnel peer address :149.3.135.125 ipsec primary tunnel peer tunnel ip :192.168.100.251 ipsec primary tunnel ap tunnel ip :10.253.0.152 ipsec primary tunnel current sm status :Up ipsec primary tunnel tunnel status :Up ipsec primary tunnel tunnel retry times :1 ipsec primary tunnel tunnel uptime :1 minute 16 seconds ipsec backup tunnel crypto type :Cert ipsec backup tunnel peer address :N/A ipsec backup tunnel peer tunnel ip :N/A ipsec backup tunnel ap tunnel ip :N/A ipsec backup tunnel current sm status :Init ipsec backup tunnel tunnel status :Down ipsec backup tunnel tunnel retry times :0 ipsec backup tunnel tunnel uptime :0 end of show vpn status ======================================================== show upgrade info Image Upgrade Progress ---------------------- Mac IP Address AP Class Status Image Info Error Detail --- ---------- -------- ------ ---------- ------------ 00:0b:86:8f:4f:58 10.0.2.142 Aries downloading image file Image verify fail Auto reboot :enable Use external URL :enable end of show upgrade info ======================================================== show log upgrade ----------Download log start---------- Executing '/aruba/bin/download_image_swarm ac-ftp://192.168.100.251/armv5te.ari --no-proxy' fetching ('/usr/sbin/wget -T 120 -t 3 --no-proxy -a /tmp/download_url_log ftp://sap:x@192.168.100.251/armv5te.ari') --18:49:29-- ftp://sap:*password*@192.168.100.251/armv5te.ari => `armv5te.ari' Connecting to 192.168.100.251:21... connected. Logging in as sap ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD not needed. ==> PASV ... done. ==> RETR armv5te.ari ... done. 0K .......... .......... .......... .......... .......... 43.48 KB/s 50K .......... .......... .......... .......... .......... 3.86 MB/s 100K .......... .......... .......... .......... .......... 82.89 KB/s 150K .......... .......... .......... .......... .......... 74.62 KB/s 200K .......... .......... .......... .......... .......... 81.46 KB/s 250K .......... .......... .......... .......... .......... 84.63 KB/s 300K .......... .......... .......... .......... .......... 39.46 KB/s 350K .......... .......... .......... .......... .......... 73.63 KB/s 400K .......... .......... .......... .......... .......... 36.22 KB/s 450K .......... .......... .......... .......... .......... 80.44 KB/s 500K .......... .......... .......... .......... .......... 84.98 KB/s 550K .......... .......... .......... .......... .......... 78.59 KB/s 600K .......... .......... .......... .......... .......... 85.06 KB/s 650K .......... .......... .......... .......... .......... 85.85 KB/s 700K .......... .......... .......... .......... .......... 80.49 KB/s 750K .......... .......... .......... .......... .......... 81.97 KB/s 800K .......... .......... .......... .......... .......... 84.00 KB/s 850K .......... .......... .......... .......... .......... 76.49 KB/s 900K .......... .......... .......... .......... .......... 82.07 KB/s 950K .......... .......... .......... .......... .......... 80.72 KB/s 1000K .......... .......... .......... .......... .......... 71.10 KB/s 1050K .......... .......... .......... .......... .......... 82.14 KB/s 1100K .......... .......... .......... .......... .......... 65.89 KB/s 1150K .......... .......... .......... .......... .......... 36.65 KB/s 1200K .......... .......... .......... .......... .......... 68.99 KB/s 1250K .......... .......... .......... .......... .......... 70.38 KB/s 1300K .......... .......... .......... .......... .......... 77.32 KB/s 1350K .......... .......... .......... .......... .......... 31.36 KB/s 1400K .......... .......... .......... .......... .......... 78.45 KB/s 1450K .......... .......... .......... .......... .......... 31.38 KB/s 1500K .......... .......... .......... .......... .......... 37.35 KB/s 1550K .......... .......... .......... .......... .......... 54.18 KB/s 1600K .......... .......... .......... .......... .......... 80.30 KB/s 1650K .......... .......... .......... .......... .......... 67.34 KB/s 1700K .......... .......... .......... .......... .......... 70.83 KB/s 1750K .......... .......... .......... .......... .......... 81.41 KB/s 1800K .......... .......... .......... .......... .......... 80.15 KB/s 1850K .......... .......... .......... .......... .......... 77.43 KB/s 1900K .......... .......... .......... .......... .......... 81.34 KB/s 1950K .......... .......... .......... .......... .......... 68.12 KB/s 2000K .......... .......... .......... .......... .......... 71.18 KB/s 2050K .......... .......... .......... .......... .......... 73.50 KB/s 2100K .......... .......... .......... .......... .......... 78.18 KB/s 2150K .......... .......... .......... .......... .......... 68.61 KB/s 2200K .......... .......... .......... .......... .......... 76.88 KB/s 2250K .......... .......... .......... .......... .......... 77.67 KB/s 2300K .......... .......... .......... .......... .......... 31.92 KB/s 2350K .......... .......... .......... .......... .......... 77.72 KB/s 2400K .......... .......... .......... .......... .......... 80.47 KB/s 2450K .......... .......... .......... .......... .......... 67.65 KB/s 2500K .......... .......... .......... .......... .......... 77.86 KB/s 2550K .......... .......... .......... .......... .......... 81.23 KB/s 2600K .......... .......... .......... .......... .......... 69.19 KB/s 2650K .......... .......... .......... .......... .......... 75.64 KB/s 2700K .......... .......... .......... .......... .......... 82.06 KB/s 2750K .......... .......... .......... .......... .......... 82.43 KB/s 2800K .......... .......... .......... .......... .......... 34.25 KB/s 2850K .......... .......... .......... .......... .......... 84.00 KB/s 2900K .......... .......... .......... .......... .......... 77.57 KB/s 2950K .......... .......... .......... .......... .......... 77.61 KB/s 3000K .......... .......... .......... .......... .......... 79.06 KB/s 3050K .......... .......... .......... .......... .......... 79.13 KB/s 3100K .......... .......... .......... .......... .......... 83.65 KB/s 3150K .......... .......... .......... .......... .......... 49.64 KB/s 3200K .......... .......... .......... .......... .......... 78.46 KB/s 3250K .......... .......... .......... .......... .......... 77.48 KB/s 3300K .......... .......... .......... .......... .......... 79.18 KB/s 3350K .......... .......... .......... .......... .......... 83.87 KB/s 3400K .......... .......... .......... .......... .......... 80.84 KB/s 3450K .......... .......... .......... .......... .......... 35.69 KB/s 3500K .......... .......... .......... .......... .......... 30.97 KB/s 3550K .......... .......... .......... .......... .......... 82.07 KB/s 3600K .......... .......... .......... .......... .......... 70.39 KB/s 3650K .......... .......... .......... .......... .......... 80.72 KB/s 3700K .......... .......... .......... .......... .......... 76.84 KB/s 3750K .......... .......... .......... .......... .......... 76.46 KB/s 3800K .......... .......... .......... .......... .......... 80.51 KB/s 3850K .......... .......... .......... .......... .......... 84.98 KB/s 3900K .......... .......... .......... .......... .......... 35.01 KB/s 3950K .......... .......... .......... .......... .......... 83.32 KB/s 4000K .......... .......... .......... .......... .......... 84.17 KB/s 4050K .......... .......... .......... .......... .......... 78.32 KB/s 4100K .......... .......... .......... .......... .......... 81.15 KB/s 4150K .......... .......... .......... .......... .......... 19.85 KB/s 4200K .......... .......... .......... .......... .......... 76.99 KB/s 4250K .......... .......... .......... .......... .......... 40.49 KB/s 4300K .......... .......... .......... .......... .......... 82.77 KB/s 4350K .......... .......... .......... .......... ...... 81.04 KB/s 18:50:38 (64.33 KB/s) - `armv5te.ari' saved [4502252] cleaning up done ----------Download log end------------ Download status: Image verify fail ----------Upgrade log start---------- upgrade log not available ----------Upgrade log end------------ Upgrade status: upgrade status not available end of show log upgrade ======================================================== show log rapper EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! EC_generateKey_FIPS_consistancy_test: GOOD Signature Verify! Jan 23, 18:49:23: main: ethmacstr = 00:0B:86:8F:4F:58 Jan 23, 18:49:23: main: ethmacstr = 00:0B:86:8F:4F:58 Jan 23, 18:49:23: main(): Entered, getpid()=3746 Jan 23, 18:49:23: get_ike_version: Use IKE Version 2 Jan 23, 18:49:23: papi_init papifd:7 ack:13 IKE_EXAMPLE: Starting up IKE server setup_tunnel Jan 23, 18:49:23: IKE_init: ethmacstr = 00:0B:86:8F:4F:58 Initialized Timers IKE_init: completed after (1.0)(pid:3746) time:2014-01-23 18:49:23 seconds. Jan 23, 18:49:23: RAP using default certificates Jan 23, 18:49:23: Before getting Certs Jan 23, 18:49:23: TPM enabled Jan 23, 18:49:23: get_usb_type: Unable to open /tmp/usb_type Jan 23, 18:49:23: CA_MGMT_EXAMPLE_computeHostKeys init cert-len 0 Jan 23, 18:49:23: Factory Device Cert is /tmp/deviceCerts/certifiedKeyCert.der Jan 23, 18:49:23: Reading DER Device Cert file /tmp/deviceCerts/certifiedKeyCert.der Jan 23, 18:49:23: DER Device Cert file len:1767 Jan 23, 18:49:23: Intermediate Cert index:0 is /tmp/deviceCerts/certifiedKeyCaCert.der Jan 23, 18:49:23: Reading DER Intermediate Cert file Jan 23, 18:49:23: DER Intermediate Cert file len:1456 Jan 23, 18:49:23: Intermediate Cert index:1 is /tmp/deviceCerts/caChainCert1.der Jan 23, 18:49:23: Reading DER Intermediate Cert file Jan 23, 18:49:23: DER Intermediate Cert file len:1580 Jan 23, 18:49:23: Decode PEM Key length :0 Jan 23, 18:49:23: testHostKeys : status 0 Jan 23, 18:49:23: testHostKeys : free temp Certificate status 0 Jan 23, 18:49:23: CA_MGMT_EXAMPLE_computeHostKeys after testHostKeys cert-len 1767 Jan 23, 18:49:23: CA Cert index:0 is /tmp/deviceCerts/OpensslOldCA_RootCert.der Jan 23, 18:49:23: Reading DER CA Cert file Jan 23, 18:49:23: DER CA Cert file len:1416 Jan 23, 18:49:23: CA Cert index:1 is /tmp/deviceCerts/MSCAV1_RootCert.der Jan 23, 18:49:23: Reading DER CA Cert file Jan 23, 18:49:23: DER CA Cert file len:1009 Jan 23, 18:49:23: Got 2 Trusted Certs Jan 23, 18:49:23: After getFieldTrustedCerts ret:-1 Jan 23, 18:49:23: Got 0 Field Trusted Certs Jan 23, 18:49:23: CSS CA Cert is /tmp/deviceCerts/CSS_CA_RootCert.der Jan 23, 18:49:23: Reading DER CA Cert file Jan 23, 18:49:23: Error in reading DER CA Cert:/tmp/deviceCerts/CSS_CA_RootCert.der, Ignore It Jan 23, 18:49:23: CA Cert status : 0 Before IKE_initServer Jan 23, 18:49:23: IKE_initServer: Cert length 1767 IKE_initServer: Host Certificate is set (RSA-SIG) {CN=CC0002127::00:0b:86:8f:4f:58} Jan 23, 18:49:23: IKE_EXAMPLE_addServer port:0 natt:0 Jan 23, 18:49:23: srcdev_name = br0 ip a00028e Jan 23, 18:49:23: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:0 IKE_EXAMPLE: Socket created on 10.0.2.142[0] Jan 23, 18:49:23: IKE_EXAMPLE_addServer:1330 socket descriptor is 0 port number 54039 for server instance 0 at 0th index Jan 23, 18:49:23: srcdev_name = br0 ip a00028e Jan 23, 18:49:23: IKE_EXAMPLE_addUdpSkt: Using SocketIndex:1 IKE_EXAMPLE: Socket created on 10.0.2.142[54040] Jan 23, 18:49:23: IKE_EXAMPLE_addServer:1377 socket descriptor is 1 port number 54040 for server instance 0 at 1st index Jan 23, 18:49:23: IKE_EXAMPLE_addDefaultServers status:0 (1.0)(pid:3746) time:2014-01-23 18:49:23 SA_INIT dest=149.3.135.125 Jan 23, 18:49:23: Initialize IKE SA Jan 23, 18:49:23: IKE_CUSTOM_getVersion(peerAddr:9503877d): ikeVersion:2 Timer ID: 1 Initialized Jan 23, 18:49:23: IKE2_newSa(peerAddr:9503877d): IKE_SA-lifetime:28000 I --> Jan 23, 18:49:23: OutSa(v2-peerAddr:0 pxSa->dwPeerAddr:9503877d): Entered ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 NAT_D (us): 7a 44 7d e7 6e 76 34 f3 55 f9 a2 0e a8 1b 26 a6 6d 7d d6 a7 NAT_D (peer): 0b 00 f1 6c fa 46 77 6d f8 d8 34 b3 2c e1 9b cb a1 60 83 a3 Jan 23, 18:49:23: RAPPER_ERROR_FILE doesn't exist Jan 23, 18:49:23: RAPPER_ERROR_FILE doesn't exist Jan 23, 18:49:23: RAPPER_ERROR_FILE doesn't exist Jan 23, 18:49:23: RAPPER_ERROR_FILE doesn't exist Jan 23, 18:49:23: RAPPER_ERROR_FILE doesn't exist spi={55770d90bf33836a 0000000000000000} np=SA exchange=IKE_SA_INIT msgid=0 len=380 #SEND 384 bytes to 149.3.135.125[4500] (1.0)(pid:3746) time:2014-01-23 18:49:23 Jan 23, 18:49:23: IKE_SAMPLE_ikeXchgSend Successfully setsockopt UDP_ENCAP port 54040 IKE_EXAMPLE: IKE_keyConnect() started, id = 0xJan 23, 18:49:23: IKE_EXAMPLE: IKE_keyConnect() started, id = 0x on device br0 e7423f5d... Jan 23, 18:49:23: papi:15200 #RECV 60 bytes from 149.3.135.125[4500] (1.0)(pid:3746) time:2014-01-23 18:49:23 spi={55770d90bf33836a 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=56 I <-- Notify: COOKIE spi={55770d90bf33836a 0000000000000000} np=N exchange=IKE_SA_INIT msgid=0 len=408 #SEND 412 bytes to 149.3.135.125[4500] (1.0)(pid:3746) time:2014-01-23 18:49:23 #RECV 397 bytes from 149.3.135.125[4500] (1.0)(pid:3746) time:2014-01-23 18:49:23 spi={55770d90bf33836a 8791de15851743c2} np=SA exchange=IKE_SA_INIT msgid=0 len=393 I <-- Proposal #1: IKE[4] ENCR_AES 256-BITS PRF_HMAC_SHA1 AUTH_HMAC_SHA1_96 DH_2 Notify: NAT_DETECTION_SOURCE_IP Notify: NAT_DETECTION_DESTINATION_IP NAT_D (us/NAT): bb 38 05 0d 65 90 e8 65 a0 9c ab 50 40 fe 51 f5 ac ed 33 74 VID: 40 48 b7 d5 6e bc e8 85 25 e7 de 7f 00 d6 c2 d3 Jan 23, 18:49:23: Fragmentation is enabled I --> Notify: INITIAL_CONTACT Jan 23, 18:49:23: OutCert: adding leaf Cert of Len:1767 Jan 23, 18:49:23: RAPPER priority old: -19, set to -20 (1.0)(pid:3746) time:2014-01-23 18:49:23 HASH_i 4f 82 7e 61 2b bc f5 c6 5b 1a 8b 54 b4 f6 33 5d ce 42 d3 b1 (3.0)(pid:3746) time:2014-01-23 18:49:25 Jan 23, 18:49:25: OutAuth TPM sign api passed (3.0)(pid:3746) time:2014-01-23 18:49:25 CFG_REQUEST IP4_ADDRESS IP4_NETMASK Jan 23, 18:49:25: OutSa(v2-peerAddr:9503877d pxSa->dwPeerAddr:9503877d): Entered Jan 23, 18:49:25: OutTfm2(v2-peerAddr:9503877d): oTfmId:0 wAuthAlgo:0 wEncrKeyLen:0 wAuthKeyLen:0 bNoEnumEncr:0 bNoEnumAuth:0 ENCR_AES 256-BITS ENCR_3DES AUTH_HMAC_SHA1_96 ESN_0 TSi: 0.0.0.0~255.255.255.255 TSr: 0.0.0.0~255.255.255.255 spi={55770d90bf33836a 8791de15851743c2} np=E{IDi} exchange=IKE_AUTH msgid=1 len=2300 #SEND 2304 bytes to 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:25 Jan 23, 18:49:25: Sending fragment, size = 530 Jan 23, 18:49:25: Sending fragment, size = 530 Jan 23, 18:49:25: Sending fragment, size = 530 Jan 23, 18:49:25: Sending fragment, size = 530 Jan 23, 18:49:25: Sending last fragment, size = 352 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 Insert Timer type 1 Sec 70 uSec 0 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 900 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=896 #RECV 100 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=96 ike2.c (662): errorCode = ERR_FRAGMENTATION_REQUIRED spi={55770d90bf33836a 8791de15851743c2} np=FGMT exchange=IKE_AUTH msgid=1 len=96 Jan 23, 18:49:26: IKE2_fragRecv Rcvd all 8 fragments Delete Timer Type 1 #RECV 6112 bytes from 149.3.135.125[4500] (3.0)(pid:3746) time:2014-01-23 18:49:26 spi={55770d90bf33836a 8791de15851743c2} np=E{IDr} exchange=IKE_AUTH msgid=1 len=6108 I <-- Jan 23, 18:49:26: sort_certificate_chain: Size of certificate chain to be sorted: 4 Jan 23, 18:49:26: sort_certificate_chain: Current cert index being considered: 0 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 1 is an issuer cert for cert at index 0 Jan 23, 18:49:26: sort_certificate_chain: Current cert index being considered: 1 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 0 is not an issuer cert for cert at index 1 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 2 is an issuer cert for cert at index 1 Jan 23, 18:49:26: sort_certificate_chain: Current cert index being considered: 2 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 0 is not an issuer cert for cert at index 2 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 1 is not an issuer cert for cert at index 2 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 3 is an issuer cert for cert at index 2 Jan 23, 18:49:26: sort_certificate_chain: Current cert index being considered: 3 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 0 is not an issuer cert for cert at index 3 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 1 is not an issuer cert for cert at index 3 Jan 23, 18:49:26: sort_certificate_chain: Cert at index 2 is not an issuer cert for cert at index 3 Jan 23, 18:49:26: sort_certificate_chain: Last cert has n parent in chain Jan 23, 18:49:26: CERT_ComputeCertificateHash: status :0 Jan 23, 18:49:26: CERT_verifyRSACertSignature: comparison result 0 Jan 23, 18:49:26: CERT_ComputeCertificateHash: status :0 Jan 23, 18:49:26: CERT_verifyRSACertSignature: comparison result 0 Jan 23, 18:49:26: CERT_ComputeCertificateHash: status :0 Jan 23, 18:49:26: CERT_verifyRSACertSignature: comparison result 0 Jan 23, 18:49:26: IKE_certGetKey(peer:9503877d): isCSS:0 Check in ArubaTrustedCaCerts, numCaCerts:2 Jan 23, 18:49:26: IKE_certGetKey(): Cert trying ArubaTrustedCaCerts[0] Jan 23, 18:49:26: IKE_certGetKey(): verify the validity Jan 23, 18:49:26: IKE_certGetKey(): Cert trying ArubaTrustedCaCerts[1] Jan 23, 18:49:26: IKE_certGetKey(): verify the validity Jan 23, 18:49:26: CERT_ComputeCertificateHash: status :0 Jan 23, 18:49:26: CERT_verifyRSACertSignature: comparison result 0 Jan 23, 18:49:26: IKE_certGetKey(): iset the key value 0x11acdc HASH_r d8 f1 8c 2e 85 db 36 60 ba ad 38 2f 40 aa f0 5b 9a 03 33 b7 CFG_REPLY IP4_ADDRESS(10.253.0.152) PASSCODE(****) MESSAGE("HIS-PAR-RAP") CHALLENGE(48 49 53 2d 53 45 41 54 54 4c 45 2d 52 41 50) IP4_ADDRESS(10.253.0.152) Jan 23, 18:49:26: RespCfg IKE_CFG_ATTR_T:1 Internal IPv4 Address:afd0098 PASSCODE(****) Jan 23, 18:49:26: RespCfg IKE_CFG_ATTR_T:16 Internal IPv4 LMS Address:c0a864fb MESSAGE("HIS-PAR-RAP") Jan 23, 18:49:26: RespCfg IKE_CFG_ATTR_T:17 Internal AP Group :HIS-PAR-RAP, len=11 CHALLENGE(48 49 53 2d 53 45 41 54 54 4c 45 2d 52 41 50) Jan 23, 18:49:26: RespCfg IKE_CFG_ATTR_T:18 Internal AP Name :HIS-SEATTLE-RAP, len=15 10.253.0.152IKE_startIPSEC: starting IPSEC SA Jan 23, 18:49:26: IKE_confSet InnerIP:afd0098, mTransportMode=0 Jan 23, 18:49:26: IPSEC_confAdd(): Entered Jan 23, 18:49:26: IPSec_newSp returned 0 Jan 23, 18:49:26: IPSEC_confAdd(): Entered Jan 23, 18:49:26: IPSec_newSp returned 0 10.253.0.152 Proposal #1: ESP[3] spi=82af8b00 ENCR_AES 256-BITS AUTH_HMAC_SHA1_96 ESN_0 Jan 23, 18:49:26: IKE_SAMPLE_ikeStatHdlr(SA): dwPeerAddr:9503877d index:0 mPeerType:0 Jan 23, 18:49:26: IKE_SA [v2 I] (id=0xe7423f5d) (flags:0x4100001d) (state:5) mode:Tunnel created. (3.0)(pid:3746) time:2014-01-23 18:49:26 (3.0)(pid:3746) time:2014-01-23 18:49:26 Timer ID: 1 Deleted IKE_addIPsecKey(ike=e7423f5d) Jan 23, 18:49:26: Add new key to the driver for ipsec Jan 23, 18:49:26: arubaIPSecSetKeys(): src: 10. 0. 2.142:54040 dst:149. 3.135.125:4500 IPSEC-lifetime 7200 Rekey-interval 5688 ESP spi=82af8b00 149.3.135.125 << 10.0.2.142 spd=0[0] exp=7200 secs auth=sha1 encr=aes Jan 23, 18:49:26: Add new key to the driver for ipsec Jan 23, 18:49:26: arubaIPSecSetKeys(): src: 10. 0. 2.142:54040 dst:149. 3.135.125:4500 IPSEC-lifetime 7200 Rekey-interval 5688 ESP spi=3ff95e00 10.0.2.142 << 149.3.135.125 spd=0[0] exp=7200 secs auth=sha1 encr=aes Jan 23, 18:49:26: IKE_SAMPLE_ikeStatHdlr(CHILD_SA): dwPeerAddr:9503877d index:0 mPeerType:0 Jan 23, 18:49:26: CHILD_SA [v2 I] created. 10.253.0.152Jan 23, 18:49:26: config_tunnel ret:0 ifconfig tun0 10.253.0.152 pointopoint 10.253.0.152 netmask 255.255.255.255 mtu 1300 up Jan 23, 18:49:26: config_tunnel-setaddr ret:0 tun0 afd0098 Jan 23, 18:49:26: check_tun_device returned addr from ioctl : afd0098 Jan 23, 18:49:26: check_tun_device IF is UP from ioctl Jan 23, 18:49:26: send_sapd_tunup(to 149.3.135.125): TUNNEL to MASTER established, tun_name tun0 Jan 23, 18:49:26: send_sapd_tunup(to 149.3.135.125): PAPI_Send RC_OPCODE_PPP_UP ip:afd0098 apgroup:HIS-PAR-RAP apname:HIS-SEATTLE-RAP (3.0)(pid:3746) time:2014-01-23 18:49:26 Jan 23, 18:49:26: ipsectokernel() done (4.0)(pid:3746) time:2014-01-23 18:49:26 Jan 23, 18:49:26: IKE_SAMPLE_ikeStatHdlr: enabling Single-Encryption for Non-CSS tunnel by default Jan 23, 18:49:26: enablesinglecrypt(): val:1 ret:0 err:0 (4.0)(pid:3746) time:2014-01-23 18:49:26 rapperSendStatusCB end of show log rapper ========================================================