IPSec VPN NAT-T Multiple Clients to same Destination

Hello NG,

After spending some weeks of investigation I'll try to find an answer in the
newsgroups.

We are using the ISA 2004 (W2K3 all SPs installed) to allow our remote
workers to connect to the company via VPN. All of them have got a DSL Router
to connect their laptop to the internet. We provided a IPSec infrastructure
with certificates. The ISA is connected directly to the Internet. Everything
is working perfect, but one problem is still there:

If there are more than one client behind a NAT (here the DSL Router) then
the second client could not connect to the ISA via VPN. After rebooting the
router only the first client can establish a VPN connection.

We also tried different Routers and even a Windows Server 2003 machine with
Routing and Ras Service to handle the NAT on the client side. But always the
same.

As attachement I have put the oakley logfile. Maybe a specialist could tell
me what goes wrong here?

Thanks

Alex

11-03: 08:54:15:765:dc Initialization OK
11-03: 08:54:26:971:fb4 QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
11-03: 08:54:26:971:fb4 QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[0] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:26:971:fb4 QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[1] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
SHA
11-03: 08:54:26:971:fb4 QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[2] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
0
11-03: 08:54:26:971:fb4 QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[3] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
0
11-03: 08:54:26:971:fb4 QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[4] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
SHA
11-03: 08:54:26:971:fb4 QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[5] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:26:971:fb4 QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[6] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
11-03: 08:54:26:971:fb4 QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[7] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
11-03: 08:54:26:971:fb4 QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[8] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-03: 08:54:26:971:fb4 QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[9] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-03: 08:54:26:971:fb4 QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[10] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
11-03: 08:54:26:971:fb4 QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:fb4 QMOffer[11] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:fb4 Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:fb4 Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
11-03: 08:54:26:971:fb4 Internal Acquire: op=00000001 src=192.168.0.151.1701
dst=93.159.171.10.1701 proto = 17, SrcMask=255.255.255.255,
DstMask=255.255.255.255, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound
TunnelEndpt=0.0.0.0, InitiateEvent=00000AF8, IKE SrcPort=500 IKE DstPort=500
11-03: 08:54:26:971:3ec Filter to match: Src 93.159.171.10 Dst 192.168.0.151
11-03: 08:54:26:971:3ec MM PolicyName: L2TP Main Mode Policy
11-03: 08:54:26:971:3ec MMPolicy dwFlags 8 SoftSAExpireTime 28800
11-03: 08:54:26:971:3ec MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup
268435457
11-03: 08:54:26:971:3ec MMOffer[0] Encrypt: Dreifach-DES CBC Hash: SHA
11-03: 08:54:26:971:3ec MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
11-03: 08:54:26:971:3ec MMOffer[1] Encrypt: Dreifach-DES CBC Hash: SHA
11-03: 08:54:26:971:3ec MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 2
11-03: 08:54:26:971:3ec MMOffer[2] Encrypt: Dreifach-DES CBC Hash: MD5
11-03: 08:54:26:971:3ec MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
11-03: 08:54:26:971:3ec MMOffer[3] Encrypt: DES CBC Hash: SHA
11-03: 08:54:26:971:3ec MMOffer[4] LifetimeSec 28800 QMLimit 0 DHGroup 1
11-03: 08:54:26:971:3ec MMOffer[4] Encrypt: DES CBC Hash: MD5
11-03: 08:54:26:971:3ec Auth[0]:RSA Sig DC=ads, DC=afg, CN=AFG-CA AuthFlags
0
11-03: 08:54:26:971:3ec QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
11-03: 08:54:26:971:3ec QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[0] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:26:971:3ec QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[1] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
SHA
11-03: 08:54:26:971:3ec QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[2] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
0
11-03: 08:54:26:971:3ec QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[3] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
0
11-03: 08:54:26:971:3ec QMOffer[4] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[4] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
SHA
11-03: 08:54:26:971:3ec QMOffer[5] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[5] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:26:971:3ec QMOffer[6] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[6] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
11-03: 08:54:26:971:3ec QMOffer[7] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[7] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
11-03: 08:54:26:971:3ec QMOffer[8] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[8] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-03: 08:54:26:971:3ec QMOffer[9] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[9] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: DES CBC HMAC: 0
11-03: 08:54:26:971:3ec QMOffer[10] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[10] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: SHA
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: DES CBC HMAC: SHA
11-03: 08:54:26:971:3ec QMOffer[11] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:26:971:3ec QMOffer[11] dwFlags 0 dwPFSGroup 0
11-03: 08:54:26:971:3ec Algo[0] Operation: AH Algo: MD5
11-03: 08:54:26:971:3ec Algo[1] Operation: ESP Algo: DES CBC HMAC: MD5
11-03: 08:54:26:971:3ec Starting Negotiation: src = 192.168.0.151.0500, dst
= 93.159.171.10.0500, proto = 17, context = 00000000, ProxySrc =
192.168.0.151.1701, ProxyDst = 93.159.171.10.1701 SrcMask = 0.0.0.0 DstMask
= 0.0.0.0
11-03: 08:54:26:971:3ec constructing ISAKMP Header
11-03: 08:54:26:971:3ec constructing SA (ISAKMP)
11-03: 08:54:26:971:3ec Constructing Vendor MS NT5 ISAKMPOAKLEY
11-03: 08:54:26:971:3ec Constructing Vendor FRAGMENTATION
11-03: 08:54:26:971:3ec Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
11-03: 08:54:26:971:3ec Constructing Vendor Vid-Initial-Contact
11-03: 08:54:26:971:3ec
11-03: 08:54:26:971:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type 2.500
11-03: 08:54:26:971:3ec ISAKMP Header: (V1.0), len = 312
11-03: 08:54:26:971:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:26:971:3ec R-COOKIE 0000000000000000
11-03: 08:54:26:971:3ec exchange: Oakley Main Mode
11-03: 08:54:26:971:3ec flags: 0
11-03: 08:54:26:971:3ec next payload: SA
11-03: 08:54:26:971:3ec message ID: 00000000
11-03: 08:54:26:971:3ec Ports S:f401 D:f401
11-03: 08:54:26:971:3ec Activating InitiateEvent 00000AF8
11-03: 08:54:27:61:3ec
11-03: 08:54:27:61:3ec Receive: (get) SA = 0x000ef438 from 93.159.171.10.500
11-03: 08:54:27:61:3ec ISAKMP Header: (V1.0), len = 148
11-03: 08:54:27:61:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:61:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:61:3ec exchange: Oakley Main Mode
11-03: 08:54:27:61:3ec flags: 0
11-03: 08:54:27:61:3ec next payload: SA
11-03: 08:54:27:61:3ec message ID: 00000000
11-03: 08:54:27:61:3ec processing payload SA
11-03: 08:54:27:61:3ec Received Phase 1 Transform 1
11-03: 08:54:27:61:3ec Encryption Alg Dreifach-DES CBC(5)
11-03: 08:54:27:61:3ec Hash Alg SHA(2)
11-03: 08:54:27:61:3ec Oakley Group 2
11-03: 08:54:27:61:3ec Auth Method RSA-Signatur mit Zertifikaten(3)
11-03: 08:54:27:61:3ec Life type in Seconds
11-03: 08:54:27:61:3ec Life duration of 28800
11-03: 08:54:27:61:3ec Phase 1 SA accepted: transform=1
11-03: 08:54:27:61:3ec SA - Oakley proposal accepted
11-03: 08:54:27:61:3ec processing payload VENDOR ID
11-03: 08:54:27:61:3ec Received VendorId MS NT5 ISAKMPOAKLEY
11-03: 08:54:27:61:3ec processing payload VENDOR ID
11-03: 08:54:27:61:3ec Received VendorId FRAGMENTATION
11-03: 08:54:27:61:3ec processing payload VENDOR ID
11-03: 08:54:27:61:3ec Received VendorId draft-ietf-ipsec-nat-t-ike-02
11-03: 08:54:27:61:3ec ClearFragList
11-03: 08:54:27:61:3ec constructing ISAKMP Header
11-03: 08:54:27:101:3ec constructing KE
11-03: 08:54:27:101:3ec constructing NONCE (ISAKMP)
11-03: 08:54:27:101:3ec Constructing NatDisc
11-03: 08:54:27:101:3ec
11-03: 08:54:27:101:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type 2.500
11-03: 08:54:27:101:3ec ISAKMP Header: (V1.0), len = 232
11-03: 08:54:27:101:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:101:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:101:3ec exchange: Oakley Main Mode
11-03: 08:54:27:101:3ec flags: 0
11-03: 08:54:27:101:3ec next payload: KE
11-03: 08:54:27:101:3ec message ID: 00000000
11-03: 08:54:27:101:3ec Ports S:f401 D:f401
11-03: 08:54:27:241:3ec
11-03: 08:54:27:241:3ec Receive: (get) SA = 0x000ef438 from
93.159.171.10.500
11-03: 08:54:27:241:3ec ISAKMP Header: (V1.0), len = 298
11-03: 08:54:27:241:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:241:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:241:3ec exchange: Oakley Main Mode
11-03: 08:54:27:241:3ec flags: 0
11-03: 08:54:27:241:3ec next payload: KE
11-03: 08:54:27:241:3ec message ID: 00000000
11-03: 08:54:27:241:3ec processing payload KE
11-03: 08:54:27:251:3ec processing payload NONCE
11-03: 08:54:27:251:3ec processing payload CRP
11-03: 08:54:27:251:3ec DC=ads, DC=afg, CN=AFG-CA
11-03: 08:54:27:251:3ec processing payload NATDISC
11-03: 08:54:27:251:3ec Processing NatHash
11-03: 08:54:27:251:3ec Nat hash f899186f6b277142b76a9a4a372ed19f
11-03: 08:54:27:251:3ec 03a10c16
11-03: 08:54:27:251:3ec SA StateMask2 1e
11-03: 08:54:27:251:3ec processing payload NATDISC
11-03: 08:54:27:251:3ec Processing NatHash
11-03: 08:54:27:251:3ec Nat hash 4531f4cfb3553bb35a130092e5169f69
11-03: 08:54:27:251:3ec 4eaa409a
11-03: 08:54:27:251:3ec SA StateMask2 9e
11-03: 08:54:27:251:3ec ClearFragList
11-03: 08:54:27:251:3ec Floated Ports Orig Me:f401 Peer:f401
11-03: 08:54:27:251:3ec Floated Ports Me:9411 Peer:9411
11-03: 08:54:27:251:3ec constructing ISAKMP Header
11-03: 08:54:27:251:3ec constructing ID
11-03: 08:54:27:251:3ec Looking for IPSec only cert
11-03: 08:54:27:251:3ec Cert Trustes. 0 100
11-03: 08:54:27:251:3ec Cert SHA Thumbprint 711049a7c77ea22b9140e159512bc3bf
11-03: 08:54:27:251:3ec cfe874cb
11-03: 08:54:27:251:3ec Cert SHA Thumbprint 711049a7c77ea22b9140e159512bc3bf
11-03: 08:54:27:251:3ec cfe874cb
11-03: 08:54:27:251:3ec SubjectName: CN=WILDRO
11-03: 08:54:27:251:3ec Cert Serialnumber cc000000000025130355
11-03: 08:54:27:251:3ec Cert SHA Thumbprint 711049a7c77ea22b9140e159512bc3bf
11-03: 08:54:27:251:3ec cfe874cb
11-03: 08:54:27:251:3ec SubjectName: DC=ads, DC=afg, CN=AFG-CA
11-03: 08:54:27:251:3ec Cert Serialnumber 4cb4fa7ea6173343b83c3fa4312acd7b
11-03: 08:54:27:251:3ec
11-03: 08:54:27:251:3ec Cert SHA Thumbprint b4bd467e9ab0d6681058e1c10d53bb8f
11-03: 08:54:27:251:3ec 452febd2
11-03: 08:54:27:251:3ec Not storing My cert chain in SA.
11-03: 08:54:27:251:3ec MM ID Type 9
11-03: 08:54:27:251:3ec MM ID 3011310f300d0603550403130657494c
11-03: 08:54:27:251:3ec 44524f
11-03: 08:54:27:251:3ec constructing CERT
11-03: 08:54:27:251:3ec Construct SIG
11-03: 08:54:27:251:3ec Constructing Cert Request
11-03: 08:54:27:251:3ec DC=ads, DC=afg, CN=AFG-CA
11-03: 08:54:27:251:3ec
11-03: 08:54:27:251:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type
2.4500
11-03: 08:54:27:251:3ec ISAKMP Header: (V1.0), len = 1532
11-03: 08:54:27:251:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:251:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:251:3ec exchange: Oakley Main Mode
11-03: 08:54:27:251:3ec flags: 1 ( encrypted )
11-03: 08:54:27:251:3ec next payload: ID
11-03: 08:54:27:251:3ec message ID: 00000000
11-03: 08:54:27:251:3ec Ports S:9411 D:9411
11-03: 08:54:27:451:3ec
11-03: 08:54:27:451:3ec Receive: (get) SA = 0x000ef438 from
93.159.171.10.4500
11-03: 08:54:27:451:3ec ISAKMP Header: (V1.0), len = 1484
11-03: 08:54:27:451:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:451:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:451:3ec exchange: Oakley Main Mode
11-03: 08:54:27:451:3ec flags: 1 ( encrypted )
11-03: 08:54:27:451:3ec next payload: ID
11-03: 08:54:27:451:3ec message ID: 00000000
11-03: 08:54:27:461:3ec processing payload ID
11-03: 08:54:27:461:3ec processing payload CERT
11-03: 08:54:27:461:3ec processing payload SIG
11-03: 08:54:27:461:3ec Verifying CertStore
11-03: 08:54:27:461:3ec SubjectName: CN=foxi.afg.ads
11-03: 08:54:27:461:3ec Cert Serialnumber 0300000000002f3bdf7a
11-03: 08:54:27:461:3ec Cert SHA Thumbprint 7da491c37ea83a2602397356c9710ddd
11-03: 08:54:27:461:3ec b214ec69
11-03: 08:54:27:461:3ec Cert Trustes. 0 100
11-03: 08:54:27:461:3ec SubjectName: CN=foxi.afg.ads
11-03: 08:54:27:461:3ec Cert Serialnumber 0300000000002f3bdf7a
11-03: 08:54:27:461:3ec Cert SHA Thumbprint 7da491c37ea83a2602397356c9710ddd
11-03: 08:54:27:461:3ec b214ec69
11-03: 08:54:27:461:3ec SubjectName: DC=ads, DC=afg, CN=AFG-CA
11-03: 08:54:27:461:3ec Cert Serialnumber 4cb4fa7ea6173343b83c3fa4312acd7b
11-03: 08:54:27:461:3ec
11-03: 08:54:27:461:3ec Cert SHA Thumbprint b4bd467e9ab0d6681058e1c10d53bb8f
11-03: 08:54:27:461:3ec 452febd2
11-03: 08:54:27:461:3ec Not storing Peer's cert chain in SA.
11-03: 08:54:27:461:3ec Cert SHA Thumbprint 7da491c37ea83a2602397356c9710ddd
11-03: 08:54:27:461:3ec b214ec69
11-03: 08:54:27:461:3ec Signature validated
11-03: 08:54:27:461:3ec ClearFragList
11-03: 08:54:27:461:3ec MM established. SA: 000EF438
11-03: 08:54:27:461:3ec QM PolicyName: L2TP Require Encryption Quick Mode
Policy dwFlags 0
11-03: 08:54:27:461:3ec QMOffer[0] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:27:461:3ec QMOffer[0] dwFlags 0 dwPFSGroup 0
11-03: 08:54:27:461:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:27:461:3ec QMOffer[1] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:27:461:3ec QMOffer[1] dwFlags 0 dwPFSGroup 0
11-03: 08:54:27:461:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
SHA
11-03: 08:54:27:461:3ec QMOffer[2] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:27:461:3ec QMOffer[2] dwFlags 0 dwPFSGroup 0
11-03: 08:54:27:461:3ec Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
11-03: 08:54:27:461:3ec QMOffer[3] LifetimeKBytes 250000 LifetimeSec 3600
11-03: 08:54:27:461:3ec QMOffer[3] dwFlags 0 dwPFSGroup 0
11-03: 08:54:27:461:3ec Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
11-03: 08:54:27:461:3ec GetSpi: src = 93.159.171.10.1701, dst =
192.168.0.151.1701, proto = 17, context = 00000000, srcMask =
255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
11-03: 08:54:27:461:3ec Setting SPI 3556611420
11-03: 08:54:27:461:3ec constructing ISAKMP Header
11-03: 08:54:27:461:3ec constructing HASH (null)
11-03: 08:54:27:461:3ec constructing SA (IPSEC)
11-03: 08:54:27:461:3ec constructing NONCE (IPSEC)
11-03: 08:54:27:461:3ec constructing ID (proxy)
11-03: 08:54:27:461:3ec FQDN ID 4e42323130302e6166672e616473
11-03: 08:54:27:461:3ec constructing ID (proxy)
11-03: 08:54:27:461:3ec Construct NATOA
11-03: 08:54:27:461:3ec constructing HASH (QM)
11-03: 08:54:27:461:3ec
11-03: 08:54:27:461:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type
2.4500
11-03: 08:54:27:461:3ec ISAKMP Header: (V1.0), len = 308
11-03: 08:54:27:461:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:461:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:461:3ec exchange: Oakley Quick Mode
11-03: 08:54:27:461:3ec flags: 1 ( encrypted )
11-03: 08:54:27:461:3ec next payload: HASH
11-03: 08:54:27:461:3ec message ID: 78eed2b1
11-03: 08:54:27:461:3ec Ports S:9411 D:9411
11-03: 08:54:27:551:3ec
11-03: 08:54:27:551:3ec Receive: (get) SA = 0x000ef438 from
93.159.171.10.4500
11-03: 08:54:27:551:3ec ISAKMP Header: (V1.0), len = 172
11-03: 08:54:27:551:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:551:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:551:3ec exchange: Oakley Quick Mode
11-03: 08:54:27:551:3ec flags: 3 ( encrypted commit )
11-03: 08:54:27:551:3ec next payload: HASH
11-03: 08:54:27:551:3ec message ID: 78eed2b1
11-03: 08:54:27:551:3ec processing HASH (QM)
11-03: 08:54:27:551:3ec ClearFragList
11-03: 08:54:27:551:3ec processing payload NONCE
11-03: 08:54:27:551:3ec processing payload ID
11-03: 08:54:27:551:3ec processing payload ID
11-03: 08:54:27:551:3ec processing payload SA
11-03: 08:54:27:551:3ec Negotiated Proxy ID: Src 192.168.0.151.1701 Dst
93.159.171.10.1701
11-03: 08:54:27:551:3ec Checking Proposal 1: Proto= ESP(3), num trans=1
Next=0
11-03: 08:54:27:551:3ec Checking Transform # 1: ID=Dreifach-DES CBC(3)
11-03: 08:54:27:551:3ec SA life type in seconds
11-03: 08:54:27:551:3ec SA life duration 00000e10
11-03: 08:54:27:551:3ec SA life type in kilobytes
11-03: 08:54:27:551:3ec SA life duration 0003d090
11-03: 08:54:27:551:3ec tunnel mode is 61444(61444)
11-03: 08:54:27:551:3ec HMAC algorithm is MD5(1)
11-03: 08:54:27:551:3ec Phase 2 SA accepted: proposal=1 transform=1
11-03: 08:54:27:551:3ec constructing ISAKMP Header
11-03: 08:54:27:551:3ec constructing HASH (QM)
11-03: 08:54:27:551:3ec Adding QMs: src = 192.168.0.151.1701, dst =
93.159.171.10.1701, proto = 17, context = 00000034, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 280 Direction 2 EncapType 3
11-03: 08:54:27:551:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:27:551:3ec Algo[0] MySpi: 3556611420 PeerSpi: 538687434
11-03: 08:54:27:551:3ec Encap Ports Src 4500 Dst 4500
11-03: 08:54:27:551:3ec Skipping Outbound SA add
11-03: 08:54:27:551:3ec
11-03: 08:54:27:551:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type
2.4500
11-03: 08:54:27:551:3ec ISAKMP Header: (V1.0), len = 52
11-03: 08:54:27:551:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:551:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:551:3ec exchange: Oakley Quick Mode
11-03: 08:54:27:551:3ec flags: 3 ( encrypted commit )
11-03: 08:54:27:551:3ec next payload: HASH
11-03: 08:54:27:551:3ec message ID: 78eed2b1
11-03: 08:54:27:551:3ec Ports S:9411 D:9411
11-03: 08:54:27:632:3ec
11-03: 08:54:27:632:3ec Receive: (get) SA = 0x000ef438 from
93.159.171.10.4500
11-03: 08:54:27:632:3ec ISAKMP Header: (V1.0), len = 84
11-03: 08:54:27:632:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:27:632:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:27:632:3ec exchange: Oakley Quick Mode
11-03: 08:54:27:632:3ec flags: 3 ( encrypted commit )
11-03: 08:54:27:632:3ec next payload: HASH
11-03: 08:54:27:632:3ec message ID: 78eed2b1
11-03: 08:54:27:632:3ec processing HASH (Notify/Delete)
11-03: 08:54:27:632:3ec ClearFragList
11-03: 08:54:27:632:3ec processing payload NOTIFY
11-03: 08:54:27:632:3ec Adding QMs: src = 192.168.0.151.1701, dst =
93.159.171.10.1701, proto = 17, context = 00000034, my tunnel = 0.0.0.0,
peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600
LifetimeKBytes 250000 dwFlags 280 Direction 3 EncapType 3
11-03: 08:54:27:632:3ec Algo[0] Operation: ESP Algo: Dreifach-DES CBC HMAC:
MD5
11-03: 08:54:27:632:3ec Algo[0] MySpi: 3556611420 PeerSpi: 538687434
11-03: 08:54:27:632:3ec Encap Ports Src 4500 Dst 4500
11-03: 08:54:27:632:3ec Skipping Inbound SA add
11-03: 08:54:27:632:3ec Leaving adjust_peer_list entry 000DAC30 MMCount 0
QMCount 1
11-03: 08:54:27:632:3ec isadb_set_status sa:000EF438 centry:0013DEB8 status
0
11-03: 08:54:27:632:3ec isadb_set_status InitiateEvent 00000AF8: Setting
Status 0
11-03: 08:54:27:632:3ec Clearing centry 0013DEB8 InitiateEvent 00000AF8
11-03: 08:54:27:632:3ec CE Dead. sa:000EF438 ce:0013DEB8 status:0
11-03: 08:54:27:632:fb4 CloseNegHandle 00000AF8
11-03: 08:54:27:632:fb4 SE cookie fa958944d2b84594
11-03: 08:54:49:593:3ec QM Deleted. Notify from driver: Src 192.168.0.151
Dest 93.159.171.10 InSPI 3556611420 OutSpi 538687434 Tunnel 0 TunnelFilter
0
11-03: 08:54:49:593:3ec Leaving adjust_peer_list entry 000DAC30 MMCount 0
QMCount 0
11-03: 08:54:49:593:3ec constructing ISAKMP Header
11-03: 08:54:49:593:3ec constructing HASH (null)
11-03: 08:54:49:593:3ec constructing NONCE (ND)
11-03: 08:54:49:593:3ec Construct QM Delete Spi 3556611420
11-03: 08:54:49:593:3ec constructing HASH (Notify/Delete)
11-03: 08:54:49:593:3ec
11-03: 08:54:49:593:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type
3.4500
11-03: 08:54:49:593:3ec ISAKMP Header: (V1.0), len = 92
11-03: 08:54:49:593:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:49:593:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:49:593:3ec exchange: ISAKMP Informational Exchange
11-03: 08:54:49:593:3ec flags: 1 ( encrypted )
11-03: 08:54:49:593:3ec next payload: HASH
11-03: 08:54:49:593:3ec message ID: dfdad3f7
11-03: 08:54:49:593:3ec Ports S:9411 D:9411
11-03: 08:54:49:593:3ec PrivatePeerAddr 0
11-03: 08:54:49:593:fb4 isadb_schedule_kill_oldPolicy_sas:
d9766fad-9a05-4e6d-aa4ae768fc6783dc 4
11-03: 08:54:49:593:ef0 isadb_schedule_kill_oldPolicy_sas:
0670aa6c-0d72-47cb-beb53eb072cf5457 3
11-03: 08:54:49:593:abc isadb_schedule_kill_oldPolicy_sas:
b4c9da9f-28bc-4644-8bc56b52f4a790a4 2
11-03: 08:54:49:593:fb4 isadb_schedule_kill_oldPolicy_sas:
c52ba8f7-fdad-4fbe-9a0bd693368f067d 1
11-03: 08:54:49:603:3ec entered kill_old_policy_sas 4
11-03: 08:54:49:603:3ec SA Dead. sa:000EF438 status:3619
11-03: 08:54:49:603:3ec isadb_set_status sa:000EF438 centry:00000000 status
3619
11-03: 08:54:49:603:3ec constructing ISAKMP Header
11-03: 08:54:49:603:3ec constructing HASH (null)
11-03: 08:54:49:603:3ec constructing NONCE (ND)
11-03: 08:54:49:603:3ec constructing DELETE. MM 000EF438
11-03: 08:54:49:603:3ec constructing HASH (Notify/Delete)
11-03: 08:54:49:603:3ec
11-03: 08:54:49:603:3ec Sending: SA = 0x000EF438 to 93.159.171.10:Type
3.4500
11-03: 08:54:49:603:3ec ISAKMP Header: (V1.0), len = 108
11-03: 08:54:49:603:3ec I-COOKIE fa958944d2b84594
11-03: 08:54:49:603:3ec R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:49:603:3ec exchange: ISAKMP Informational Exchange
11-03: 08:54:49:603:3ec flags: 1 ( encrypted )
11-03: 08:54:49:603:3ec next payload: HASH
11-03: 08:54:49:603:3ec message ID: 9353ad7e
11-03: 08:54:49:603:3ec Ports S:9411 D:9411
11-03: 08:54:49:603:3ec entered kill_old_policy_sas 3
11-03: 08:54:49:603:3ec entered kill_old_policy_sas 2
11-03: 08:54:49:603:3ec entered kill_old_policy_sas 1
11-03: 08:54:49:673:b0c
11-03: 08:54:49:673:b0c Receive: (get) SA = 0x000ef438 from
93.159.171.10.4500
11-03: 08:54:49:673:b0c ISAKMP Header: (V1.0), len = 92
11-03: 08:54:49:673:b0c I-COOKIE fa958944d2b84594
11-03: 08:54:49:673:b0c R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:49:673:b0c exchange: ISAKMP Informational Exchange
11-03: 08:54:49:673:b0c flags: 1 ( encrypted )
11-03: 08:54:49:673:b0c next payload: HASH
11-03: 08:54:49:673:b0c message ID: dfdad3f7
11-03: 08:54:49:673:b0c processing HASH (Notify/Delete)
11-03: 08:54:49:693:b0c
11-03: 08:54:49:693:b0c Receive: (get) SA = 0x000ef438 from
93.159.171.10.4500
11-03: 08:54:49:693:b0c ISAKMP Header: (V1.0), len = 108
11-03: 08:54:49:693:b0c I-COOKIE fa958944d2b84594
11-03: 08:54:49:693:b0c R-COOKIE ee85a2fb1a5769d4
11-03: 08:54:49:693:b0c exchange: ISAKMP Informational Exchange
11-03: 08:54:49:693:b0c flags: 1 ( encrypted )
11-03: 08:54:49:693:b0c next payload: HASH
11-03: 08:54:49:693:b0c message ID: 9353ad7e
11-03: 08:54:49:693:b0c processing HASH (Notify/Delete)
11-03: 08:55:00:779:b0c ClearFragList
11-03: 08:55:01:290:dc Recieived API shutdown
11-03: 08:55:01:290:fec Acquire thread exiting
11-03: 08:55:01:300:fec Acquire thread exiting
11-03: 08:55:01:300:dc Wait is done
11-03: 08:55:01:300:dc Before send_deletes
11-03: 08:55:01:300:dc AFter send_deletes
11-03: 08:55:01:300:f14 ReceiveThread exiting
11-03: 08:55:01:300:dc Begin Wait. isadb_clean_socket 0
11-03: 08:55:01:300:dc End Wait. isadb_clean_socket
11-03: 08:55:01:300:dc Begin Wait. isadb_kill_old 0
11-03: 08:55:01:300:dc End Wait. isadb_kill_old
11-03: 08:55:01:300:dc Begin Wait. ActiveRpcCalls 0
11-03: 08:55:01:300:dc End Wait. ActiveRpcCalls
11-03: 08:55:01:300:dc Begin Wait. Outstanding Items 0
11-03: 08:55:01:300:dc End Wait. Outstanding Items
11-03: 08:55:01:300:dc Peer List Entry 000DAC30
11-03: 08:55:01:300:dc Release Encap state
11-03: 08:55:01:300:dc Remove PeerListEntry


.

Relevant Pages

  • RE: where to download md5.py?
    ... md5 is a standard Python module. ... I don't have sha either, but my system administrators don't know a thing ...
    (comp.lang.python)
  • MD5 and SHA cracked/broken...
    ... at Crypto 2004 preliminary papers were presented that ... MD5 is broken and SHA-1 seems to be in a precarious position (even ... (especially SHA, whose name even includes the name "secure"). ... The time you enjoy wasting is not wasted time ...
    (comp.lang.python)
  • Re: MD5 for z/OS?
    ... There's open source C at: ... Linkname: sha ... The OP asked about MD5 (which is somewhat ... For IBM-MAIN subscribe / signoff / archive access instructions, ...
    (bit.listserv.ibm-main)
  • Re: Generating a unique identifier
    ... Should garbage-collecting 16 million ... cipher using md5 or sha as the round function pretty straightforwardly, ...
    (comp.lang.python)
  • "Boradcasting" MACd data
    ... On approach is obviously to use public key crypto and have the server sign ... My current idea is to have the client and server "connect" through DH key ... the server sends each client a packet. ... padding the broadcast data to 512 bits, shoving these blocks through MD5, ...
    (sci.crypt)