D-Link DFL-260E User Manual page 424

Network security firewall netdefendos version 2.27.03
Hide thumbs Also See for DFL-260E:
Table of Contents

Advertisement

9.4.5. Troubleshooting with ikesnoop
NAT-D (NAT Detection)
Payload data length : 16 bytes
Step 4. Server Sends Key Exchange Data
The Server now sends key exchange data back to the client.
IkeSnoop: Sending IKE packet to 192.168.0.10:500 Exchange type :
Identity Protection (main mode) ISAKMP Version : 1.0
Flags
Cookies
Message ID
Packet length
# payloads
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
Step 5. Client Sends Identification
The initiator sends the identification which is normally an IP address or the Subject Alternative
Name if certificates are used.
IkeSnoop: Received IKE packet from 192.168.0.10:500 Exchange type :
Identity Protection (main mode) ISAKMP Version : 1.0
Flags
Cookies
Message ID
Packet length
# payloads
Payloads:
ID (Identification)
Payload data length : 8 bytes
ID : ipv4(any:0,[0..3]=192.168.0.10)
HASH (Hash)
Payload data length : 16 bytes
N (Notification)
Payload data length : 8 bytes
Protocol ID
Notification : Initial contact
Explanation of Above Values
Flags: E means encryption (it is the only flag used).
ID: Identification of the client
The Notification field is given as Initial Contact to indicate this is not a re-key.
:
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
: 0x00000000
: 220 bytes
: 4
: E (encryption)
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
: 0x00000000
: 72 bytes
: 3
: ISAKMP
424
Chapter 9. VPN

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents