HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual page 469
Secure router
Hide thumbs
Also See for ProCurve Secure Router 7203 dl:
- Configuration manual (1114 pages) ,
- Reference manual (1455 pages) ,
- Product end-of-life disassembly instructions (2 pages)
Table of Contents
Advertisement
When IKE cannot progress past quick mode message 1, it is unable to negotiate
the IPSec SA. If possible, have your peer attempt to initiate a connection with
you. In this way you can search through the debug messages for the peer's
IPSec SA proposal and determine which settings do not match local settings.
2005.08.13 14:25:03 peer 10.1.1.1: Received first message of quick mode
2005.08.13 14:25:03 <POLICY: 1> PAYLOADS:
"Received" indicates that
these are the local
HASH,SA,PROP,TRANS,NONCE,ID,ID
peer's policies.
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
Encryption
2005.08.13 14:25:03
algorithm
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
2005.08.13 14:25:03
Figure 8-16. IKE Debug Messages: IKE Phase 2 Security Proposals
Figure 8-16 illustrates how you can find the security parameters proposed by
the peer.
Search for the "IANA No for proposal: IPSec" message. An IPSec proposal is
the proposal for the IPSec SA. Beneath it should be an "IANA Transform ID"
and "TRANSFORM ATTRIBUTES." The IANA Transform ID is the encryption
algorithm for ESP. The transform attributes are the other IPSec SA security
proposals. Each proposal includes four attributes, marked "SA Attrib." The
actual setting for the attribute is shown below as the "Value."
Troubleshooting a VPN That Uses IPSec
HASH PAYLOAD
SA PAYLOAD
DOI: 1
Situation: 1
PROPOSAL PAYLOAD
Proposal No.: 1
IANA No. for protocol: IPSec ESP (3)
Size of the variable SPI field: 4
Number of transforms offered: 1
SPI for the proposal: 2866043823
TRANSFORM PAYLOAD
Transform Number: 1
IANA Transform ID: DES (2)
TRANSFORM ATTRIBUTES
SA Attrib: Authentication Algorithm (5)
Length: 2
Value: MD5 (1)
SA Attrib: Encapsulation Mode (4)
Length: 2
Value: Tunnel (1)
SA Attrib: Life Type (1)
Length: 2
Value: Seconds (1)
SA Attrib: Life Time (2)
Length: 4
Value:
(28800)
Virtual Private Networks
IPSec is using
ESP headers
8-83
Advertisement
Chapters
Table of Contents
Troubleshooting
