Initiator
Aggressive
mode
Quick mode
IPsec SA negotiation is performed in phase 2 negotiation. Something wrong might occur in phase 2
negotiation.
To resolve the problem:
On the initiator, display IKE debugging information by using the debugging ike all
1.
command. The key debugging information is as follows:
*Nov
7 09:23:08:808 2014 ROUTER IKE/7/DEBUG: send message:
//The initiator sent the first packet for negotiation.
*Nov
7 09:23:08:808 2014 ROUTER IKE/7/DEBUG:
*Nov
7 09:23:08:808 2014 ROUTER IKE/7/DEBUG:
.....................
*Nov 7 09:23:09:365 2014 ROUTER IKE/7/DEBUG: exchange state machine(I): finished step
0, advancing...
*Nov
7 09:23:09:415 2014 ROUTER IKE/7/DEBUG: received message:
//The device received a reply packet from the peer (the second packet for negotiation).
*Nov
7 09:23:09:516 2014 ROUTER IKE/7/DEBUG:
*Nov
7 09:23:09:566 2014 ROUTER IKE/7/DEBUG:
.....................
*Nov 7 09:23:13:510 2014 ROUTER IKE/7/DEBUG: exchange state machine(I): finished step
1, advancing...
.....................
*Nov
7 09:23:14:820 2014 ROUTER IKE/7/DEBUG: send message:
//The device sent the third packet for negotiation.
*Nov
7 09:23:14:920 2014 ROUTER IKE/7/DEBUG:
*Nov
7 09:23:14:971 2014 ROUTER IKE/7/DEBUG:
.....................
Unencrypted, iCookie=xxx, rCookie=0, Payload: SA, KEY
EXCHANGE, NONCE, Vendor ID, Identification
Unencrypted, iCookie=xxx, rCookie=xxx, Payload: SA, KEY
EXCHANGE, NONCE, Vendor ID, Identification, HASH
Encrypted, Payload: KEY EXCHANGE, NONCE, ID
Encrypted, Payload: SA, NONCE,ID
Encrypted, Payload: SA, NONCE, ID, HASH
Encrypted, Payload: HASH
21
Receiver
ICOOKIE: 0xb8a20d7c014806fa
RCOOKIE: 0x0000000000000000
ICOOKIE: 0xb8a20d7c014806fa
RCOOKIE: 0x67a9145eb46c41d9
ICOOKIE: 0xb8a20d7c014806fa
RCOOKIE: 0x67a9145eb46c41d9