Jeff,
Here you go:
$ grep -v ^# /etc/npppd/npppd.conf
authentication LOCAL type local {
users-file "/etc/npppd/npppd-users"
}
tunnel L2TP_ipv4 protocol l2tp {
listen on 0.0.0.0
}
ipcp IPCP {
pool-address 10.0.0.2-10.0.0.254
dns-servers 8.8.8.8
}
interface pppx0 address 10.0.0.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
Thanks,
Matt
On Mon, Dec 30, 2013 at 4:10 PM, Jeff Goettsch <j...@primal.ucdavis.edu>wrote:
> What does your npppd.conf look like?
>
>
>
> --
> Jeff Goettsch
> Agricultural and Resource Economics
> http://agecon.ucdavis.edu/
> 530-752-2219
>
>
> On 12/29/13 5:58 PM, Matt Carlson wrote:
>
>> Hello,
>>
>> I'm trying to get my iPhone with iOS 7.0.4 to connect to my OpenBSD
>> VPN server. If I understand the problem correctly, it's unable to
>> negotiate phase 2. I'd welcome any pointers.
>>
>> Below, I've provided the output of uname, rc.conf.local, ipsec.conf,
>> messages, isakmpd.pcap. I changed a couple IP addresses and FQDNs
>> (e.g. 10.a.b.c) and I removed some line from /var/log/messages and
>> replaced them with "<snip>", since this is already fairly long.
>>
>> I welcome any suggestions/recommendations.
>>
>> Thanks,
>>
>> Matt
>>
>> # uname -a
>> OpenBSD carbon.my.domain 5.4 GENERIC#37 i386
>> # cat /etc/rc.conf.local
>>
>>
>> ipsec=YES
>> isakmpd_flags="-Kv"
>> ftpproxy_flags=""
>> ntpd_flags=
>> pppd_flags=""
>> route6d_flags=""
>> named_flags=""
>> # grep -v ^# /etc/ipsec.conf
>>
>>
>> ike passive esp transport \
>> proto udp \
>> from any to any port 1701 \
>> main auth "hmac-sha1" enc "aes" group modp1024 \
>> quick auth "hmac-sha1" enc "aes-256" \
>> psk "1"
>> # cat /var/log/messages
>> <snip>
>> Dec 29 16:31:23 carbon named[6427]: starting BIND 9.4.2-P2
>> Dec 29 16:31:24 carbon named[6427]: command channel listening on
>> 127.0.0.1#953
>> Dec 29 16:31:24 carbon named[6427]: command channel listening on ::1#953
>> Dec 29 16:31:24 carbon named[6427]: running
>> Dec 29 16:31:26 carbon isakmpd[595]: isakmpd: starting
>> Dec 29 16:31:29 carbon npppd[22659]: Starting npppd pid=22659
>> version=5.0.0
>> Dec 29 16:31:30 carbon isakmpd[28467]: log_packet_init: starting IKE
>> packet
>> capture to file "/var/run/isakmpd.pcap"
>> Dec 29 16:31:30 carbon npppd[22659]: Load configuration
>> from='/etc/npppd/npppd.conf' successfully.
>> <snip>
>> Dec 29 16:32:58 carbon isakmpd[28467]: isakmpd: phase 1 done (as
>> responder): initiator id 10.a.b.c, responder id 69.g.h.i, src: 69.g.h.i
>> dst: 166.d.e.f
>> Dec 29 16:32:59 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:32:59 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:02 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:02 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:06 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:06 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:09 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:09 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:12 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:12 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:16 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:16 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:19 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:19 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:22 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:22 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:25 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:25 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:29 carbon isakmpd[28467]: responder_recv_HASH_SA_NONCE: peer
>> proposed invalid phase 2 IDs: initiator id 10.a.b.c, responder id 69.g.h.i
>> Dec 29 16:33:29 carbon isakmpd[28467]: dropped message from 166.d.e.f port
>> 48970 due to notification type INVALID_ID_INFORMATION
>> Dec 29 16:33:29 carbon isakmpd[28467]: isakmpd: Peer 166.d.e.f made us
>> delete live SA peer-default for proto 1, initiator id: 10.a.b.c, responder
>> id: 69.g.h.i
>> # tcpdump -vvr /var/run/isakmpd.pcap
>> tcpdump: WARNING: snaplen raised from 116 to 65536
>> 16:32:57.256488 mobile-166-d-e-f.mycingular.net.6885 >
>> c-69.g.h.i.hsd1.va.comcast.net.isakmp: [udp sum ok] isakmp v1.0 exchange
>> ID_PROT
>> cookie: 84d030732a69f98e->0000000000000000 msgid: 00000000 len:
>> 500
>> payload: SA len: 228 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 216 proposal: 1 proto: ISAKMP spisz: 0
>> xforms: 6
>> payload: TRANSFORM len: 36
>> transform: 1 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = AES_CBC
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = SHA
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: TRANSFORM len: 36
>> transform: 2 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = AES_CBC
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = MD5
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: TRANSFORM len: 36
>> transform: 3 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = AES_CBC
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = SHA
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: TRANSFORM len: 36
>> transform: 4 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = AES_CBC
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = MD5
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: TRANSFORM len: 32
>> transform: 5 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = 3DES_CBC
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = SHA
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: TRANSFORM len: 32
>> transform: 6 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = 3DES_CBC
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = MD5
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
>> payload: VENDOR len: 20
>> payload: VENDOR len: 20 (supports v8 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-08)
>> payload: VENDOR len: 20 (supports v7 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-07)
>> payload: VENDOR len: 20 (supports v6 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-06)
>> payload: VENDOR len: 20 (supports v5 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-05)
>> payload: VENDOR len: 20 (supports v4 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-04)
>> payload: VENDOR len: 20 (supports v3 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-03)
>> payload: VENDOR len: 20 (supports v2 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-02\n)
>> payload: VENDOR len: 20 (supports v2 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-02)
>> payload: VENDOR len: 24
>> payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len
>> 528)
>> 16:32:57.296055 c-69.g.h.i.hsd1.va.comcast.net.isakmp >
>> mobile-166-d-e-f.mycingular.net.6885: [udp sum ok] isakmp v1.0 exchange
>> ID_PROT
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 00000000 len:
>> 184
>> payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0
>> xforms: 1
>> payload: TRANSFORM len: 36
>> transform: 1 ID: ISAKMP
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCRYPTION_ALGORITHM = AES_CBC
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_METHOD = PRE_SHARED
>> attribute HASH_ALGORITHM = SHA
>> attribute GROUP_DESCRIPTION = MODP_1024
>> payload: VENDOR len: 20
>> payload: VENDOR len: 20 (supports v2 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-02)
>> payload: VENDOR len: 20 (supports v3 NAT-T,
>> draft-ietf-ipsec-nat-t-ike-03)
>> payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
>> payload: VENDOR len: 20 (supports DPD v1.0) [ttl 0] (id 1, len
>> 212)
>> 16:32:57.678761 mobile-166-d-e-f.mycingular.net.6885 >
>> c-69.g.h.i.hsd1.va.comcast.net.isakmp: [udp sum ok] isakmp v1.0 exchange
>> ID_PROT
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 00000000 len:
>> 228
>> payload: KEY_EXCH len: 132
>> payload: NONCE len: 20
>> payload: NAT-D len: 24
>> payload: NAT-D len: 24 [ttl 0] (id 1, len 256)
>> 16:32:57.966716 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.ipsec-nat-t: [bad udp cksum 106!]
>> udpencap:
>> isakmp v1.0 exchange ID_PROT
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 00000000 len:
>> 228
>> payload: KEY_EXCH len: 132
>> payload: NONCE len: 20
>> payload: NAT-D len: 24
>> payload: NAT-D len: 24 [ttl 0] (id 1, len 260)
>> 16:32:58.266134 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 2c49!]
>> udpencap:
>> isakmp v1.0 exchange ID_PROT
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 00000000 len:
>> 108
>> payload: ID len: 12 proto: 17 port: 500 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 28
>> notification: INITIAL CONTACT
>> (84d030732a69f98e->98940ba9c6c26124) [ttl 0] (id 1, len 140)
>> 16:32:58.267729 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.ipsec-nat-t: [udp sum ok] udpencap:
>> isakmp
>> v1.0 exchange ID_PROT
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 00000000 len:
>> 92
>> payload: ID len: 12 type: IPV4_ADDR = 69.g.h.i
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 28
>> notification: INITIAL CONTACT
>> (84d030732a69f98e->98940ba9c6c26124) [ttl 0] (id 1, len 124)
>> 16:32:59.439147 mobile-166-d-e-f.mycingular.net.48970 >
>> c-69.g.h.i.hsd1.va.comcast.net.isakmp: [udp sum ok] isakmp v1.0 exchange
>> QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 344)
>> 16:32:59.444066 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 9f61bae0 len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:02.976844 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:02.981128 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 489f0371 len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:06.353340 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:06.357579 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 679aa03a len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:09.609379 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:09.613541 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 60990d49 len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:12.865575 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:12.870080 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 9f82cd9b len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:16.121934 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:16.126215 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 2c7fd4b9 len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:19.377589 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:19.381866 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: e011b5fc len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:22.674335 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:22.678820 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 9d04263c len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:25.970635 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:25.974879 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 5e245aa2 len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:29.228060 mobile-166-d-e-f.mycingular.net.ipsec-nat-t >
>> c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t: [bad udp cksum 140d!]
>> udpencap:
>> isakmp v1.0 exchange QUICK_MODE
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 190351df len:
>> 316
>> payload: HASH len: 24
>> payload: SA len: 184 DOI: 1(IPSEC) situation: IDENTITY_ONLY
>> payload: PROPOSAL len: 172 proposal: 1 proto: IPSEC_ESP
>> spisz:
>> 4 xforms: 6 SPI: 0x0b74cd40
>> payload: TRANSFORM len: 28
>> transform: 1 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 2 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 256
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 28
>> transform: 3 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 28
>> transform: 4 ID: AES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute KEY_LENGTH = 128
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: TRANSFORM len: 24
>> transform: 5 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
>> payload: TRANSFORM len: 24
>> transform: 6 ID: 3DES
>> attribute LIFE_TYPE = SECONDS
>> attribute LIFE_DURATION = 3600
>> attribute ENCAPSULATION_MODE =
>> UDP_ENCAP_TRANSPORT
>> attribute AUTHENTICATION_ALGORITHM = HMAC_MD5
>> payload: NONCE len: 20
>> payload: ID len: 12 proto: 17 port: 50704 type: IPV4_ADDR =
>> 10.a.b.c
>> payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR =
>> 69.g.h.i
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 10.a.b.c
>> payload: NAT-OA len: 12 type: IPV4_ADDR = 69.g.h.i [ttl 0] (id 1,
>> len 348)
>> 16:33:29.232423 c-69.g.h.i.hsd1.va.comcast.net.ipsec-nat-t >
>> mobile-166-d-e-f.mycingular.net.48970: [bad udp cksum ac00!] udpencap:
>> isakmp v1.0 exchange INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: 668a3b0d len:
>> 64
>> payload: HASH len: 24
>> payload: NOTIFICATION len: 12
>> notification: INVALID ID INFORMATION [ttl 0] (id 1, len 96)
>> 16:33:29.669958 mobile-166-d-e-f.mycingular.net.48970 >
>> c-69.g.h.i.hsd1.va.comcast.net.isakmp: [udp sum ok] isakmp v1.0 exchange
>> INFO
>> cookie: 84d030732a69f98e->98940ba9c6c26124 msgid: a5a4d6fa len:
>> 92
>> payload: HASH len: 24
>> payload: DELETE len: 28 DOI: 1(IPSEC) proto: ISAKMP nspis: 1
>> cookie: 84d030732a69f98e->98940ba9c6c26124 [ttl 0] (id 1,
>> len
>> 120)
