Step 6. Server ID Response
The server now responds with its own ID.
IkeSnoop: Sending IKE packet to 192.168.0.10:500 Exchange type :
Identity Protection (main mode) ISAKMP Version : 1.0
Flags
: E (encryption)
Cookies
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID
: 0x00000000
Packet length
: 60 bytes
# payloads
: 2
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(any:0,[0..3]=192.168.10.20)
HASH (Hash)
Payload data length : 16 bytes
Step 7. Client Sends a List of Supported IPsec Algorithms
Now the client sends the list of supported IPsec algorithms to the server. It will also contain the
proposed host/networks that are allowed in the tunnel.
IkeSnoop: Received IKE packet from 192.168.0.10:500 Exchange type :
Quick mode ISAKMP Version : 1.0
Flags
: E (encryption)
Cookies
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
Message ID
: 0xaa71428f
Packet length
: 264 bytes
# payloads
: 5
Payloads:
HASH (Hash)
Payload data length : 16 bytes
SA (Security Association)
Payload data length : 164 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID
: ESP
SPI Size
: 4
SPI Value
: 0x4c83cad2
Transform 1/4
Transform ID
: Rijndael (aes)
Key length
: 128
Authentication algorithm : HMAC-MD5
SA life type
: Seconds
SA life duration
: 21600
SA life type
: Kilobytes
SA life duration
: 50000
Encapsulation mode
: Tunnel
Transform 2/4
Transform ID
: Rijndael (aes)
Key length
: 128
Authentication algorithm : HMAC-SHA-1
SA life type
: Seconds
SA life duration
: 21600
SA life type
: Kilobytes
SA life duration
: 50000
Encapsulation mode
: Tunnel
Transform 3/4
Transform ID
: Blowfish
9.4.5. Troubleshooting with ikesnoop
Chapter 9. VPN
425
Summary of Contents for DFL-1600 - Security Appliance
Page 27: ...1 3 NetDefendOS State Engine Packet Flow Chapter 1 NetDefendOS Overview 27 ...
Page 79: ...2 7 3 Restore to Factory Defaults Chapter 2 Management and Maintenance 79 ...
Page 146: ...3 9 DNS Chapter 3 Fundamentals 146 ...
Page 227: ...4 7 5 Advanced Settings for Transparent Mode Chapter 4 Routing 227 ...
Page 241: ...5 4 IP Pools Chapter 5 DHCP Services 241 ...
Page 339: ...6 7 Blacklisting Hosts and Networks Chapter 6 Security Mechanisms 339 ...
Page 360: ...7 4 7 SAT and FwdFast Rules Chapter 7 Address Translation 360 ...
Page 382: ...8 3 Customizing HTML Pages Chapter 8 User Authentication 382 ...
Page 386: ... The TLS ALG 9 1 5 The TLS Alternative for VPN Chapter 9 VPN 386 ...
Page 439: ...Figure 9 3 PPTP Client Usage 9 5 4 PPTP L2TP Clients Chapter 9 VPN 439 ...
Page 450: ...9 7 6 Specific Symptoms Chapter 9 VPN 450 ...
Page 488: ...10 4 6 Setting Up SLB_SAT Rules Chapter 10 Traffic Management 488 ...
Page 503: ...11 6 HA Advanced Settings Chapter 11 High Availability 503 ...
Page 510: ...12 3 5 Limitations Chapter 12 ZoneDefense 510 ...
Page 533: ...13 9 Miscellaneous Settings Chapter 13 Advanced Settings 533 ...