ScreenOS Site-to-Site VPN debug

=FW1 debug ike detail=

SSG320-.140-> get db str
 * 1) 2013-07-27 18:53:00 : IKE<1.1.1.2> ike packet, len 184, action 1
 * 2) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: received 156 bytes from socket.
 * 3) 2013-07-27 18:53:00 : IKE<1.1.1.2> ****** Recv packet if  of vsys  ******                              ==>  1st Packet Received
 * 4) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: get 156 bytes. src port 500
 * 5) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   ISAKMP msg: len 156, nxp 1[SA], exch 2[MM], flag 00
 * 6) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Recv : [SA] [VID] [VID] [VID]
 * 7) 2013-07-27 18:53:00 : IKE<1.1.1.2> found peer vpn1
 * 8) 2013-07-27 18:53:00 : IKE<1.1.1.2> Found peer entry (vpn1) from 1.1.1.2.
 * 9) 2013-07-27 18:53:00 : responder create sa: 1.1.1.2->1.1.1.1
 * 10) 2013-07-27 18:53:00 : init p1sa, pidt = 0x0
 * 11) 2013-07-27 18:53:00 : change peer identity for p1 sa, pidt = 0x0
 * 12) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   peer_identity_create_with_uid: uid<0>
 * 13) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   create peer identity 0xbd45154
 * 14) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry before add <1>
 * 15) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry after add <2>
 * 16) 2013-07-27 18:53:00 : peer identity bd45154 created.
 * 17) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   EDIPI disabled
 * 18) 2013-07-27 18:53:00 : IKE<1.1.1.2> getProfileFromP1Proposal->
 * 19) 2013-07-27 18:53:00 : IKE<1.1.1.2> find profile[0]=<00000001 00000001 00000001 00000001> for p1 proposal (id 0), xauth(0)
 * 20) 2013-07-27 18:53:00 : IKE<1.1.1.2> responder create sa: 1.1.1.2->1.1.1.1
 * 21) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1: Responder starts MAIN mode negotiations.
 * 22) 2013-07-27 18:53:00 : IKE<1.1.1.2> MM in state OAK_MM_NO_STATE.
 * 23) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [VID]:
 * 24) 2013-07-27 18:53:00 : IKE<1.1.1.2        >   Vendor ID:
 * 25) 2013-07-27 18:53:00 : 1c 9c c5 6f ce 38 2e 3a  04 0b 69 2c da 85 42 7d
 * 26) 2013-07-27 18:53:00 : 73 06 db 4b 11 00 00 00  1e 06 00 00
 * 27) 2013-07-27 18:53:00 : IKE<1.1.1.2> peer is an NetScreen box, model=SSG-520, ver=6.30
 * 28) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [VID]:
 * 29) 2013-07-27 18:53:00 : IKE<1.1.1.2        >   Vendor ID:
 * 30) 2013-07-27 18:53:00 : af ca d7 13 68 a1 f1 c9  6b 86 96 fc 77 57 01 00
 * 31) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [VID]:
 * 32) 2013-07-27 18:53:00 : IKE<1.1.1.2        >   Vendor ID:
 * 33) 2013-07-27 18:53:00 : 48 65 61 72 74 42 65 61  74 5f 4e 6f 74 69 66 79
 * 34) 2013-07-27 18:53:00 : 38 6b 01 00
 * 35) 2013-07-27 18:53:00 : IKE<1.1.1.2> rcv HeartBeat vid, ver 1.0
 * 36) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [SA]:
 * 37) 2013-07-27 18:53:00 : IKE<1.1.1.2> Proposal received: xauthflag 0
 * 38) 2013-07-27 18:53:00 : IKE<1.1.1.2> auth(1), encr(1), hash(1), group(1)
 * 39) 2013-07-27 18:53:00 : IKE<1.1.1.2> xauth attribute: disabled
 * 40) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1 proposal [0] selected.
 * 41) 2013-07-27 18:53:00 : IKE<1.1.1.2> SA Life Type = seconds
 * 42) 2013-07-27 18:53:00 : IKE<1.1.1.2> SA lifetime (TV) = 28800
 * 43) 2013-07-27 18:53:00 : IKE<1.1.1.2> DH_BG_consume OK. p1 resp
 * 44) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1 MM Responder constructing 2nd message.                                    ==>  2nd Packet Prepared
 * 45) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct ISAKMP header.
 * 46) 2013-07-27 18:53:00 : IKE<1.1.1.2> Msg header built (next payload #1)
 * 47) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [SA] for ISAKMP
 * 48) 2013-07-27 18:53:00 : IKE<1.1.1.2> auth(1), encr(1), hash(1), group(1)
 * 49) 2013-07-27 18:53:00 : IKE<1.1.1.2> xauth attribute: disabled
 * 50) 2013-07-27 18:53:00 : IKE<1.1.1.2> lifetime/lifesize (28800/0)
 * 51) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   set_phase1_transform, dh_group(1).
 * 52) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct NetScreen [VID]
 * 53) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct custom [VID]
 * 54) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct custom [VID]
 * 55) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Xmit : [SA] [VID] [VID] [VID]
 * 56) 2013-07-27 18:53:00 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 57) 2013-07-27 18:53:00 : IKE<1.1.1.2> Send Phase 1 packet (len=156)
 * 58) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<1/804203>
 * 59) 2013-07-27 18:53:00 : IKE<1.1.1.2> ike packet, len 192, action 0
 * 60) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: received 164 bytes from socket.
 * 61) 2013-07-27 18:53:00 : IKE<1.1.1.2> ****** Recv packet if  of vsys  ******                          ==>  3rd Packet Received
 * 62) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: get 164 bytes. src port 500
 * 63) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   ISAKMP msg: len 164, nxp 4[KE], exch 2[MM], flag 00
 * 64) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Recv : [KE] [NONCE]
 * 65) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   extract payload (136):
 * 66) 2013-07-27 18:53:00 : IKE<1.1.1.2> MM in state OAK_MM_SA_SETUP.
 * 67) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [KE]:
 * 68) 2013-07-27 18:53:00 : IKE<1.1.1.2> processing ISA_KE in phase 1.
 * 69) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase1: his_DH_pub_len is 96
 * 70) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [NONCE]:
 * 71) 2013-07-27 18:53:00 : IKE<1.1.1.2> processing NONCE in phase 1.
 * 72) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<1/280620b>
 * 73) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   finished job pkaidx <0> dh_len<96> dmax<64>
 * 74) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   finished job d
 * 75) 2013-07-27 18:53:00 : IKE<1.1.1.2> MM in state OAK_MM_SA_SETUP.
 * 76) 2013-07-27 18:53:00 : IKE<1.1.1.2> re-enter MM after offline DH done
 * 77) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1 MM Responder constructing 4th message.                                      ==>  4th Packet Prepared
 * 78) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct ISAKMP header.
 * 79) 2013-07-27 18:53:00 : IKE<1.1.1.2> Msg header built (next payload #4)
 * 80) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [KE] for ISAKMP
 * 81) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [NONCE]
 * 82) 2013-07-27 18:53:00 : IKE<1.1.1.2> throw packet to the peer, paket_len=164
 * 83) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Xmit : [KE] [NONCE]
 * 84) 2013-07-27 18:53:00 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 85) 2013-07-27 18:53:00 : IKE<1.1.1.2> Send Phase 1 packet (len=164)
 * 86) 2013-07-27 18:53:00 : IKE<1.1.1.2> ike packet, len 96, action 0
 * 87) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: received 68 bytes from socket.
 * 88) 2013-07-27 18:53:00 : IKE<1.1.1.2> ****** Recv packet if  of vsys  ******                          ==>  5th Packet Received
 * 89) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: get 68 bytes. src port 500
 * 90) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   ISAKMP msg: len 68, nxp 5[ID], exch 2[MM], flag 01  E
 * 91) 2013-07-27 18:53:00 : IKE<1.1.1.2> gen_skeyid
 * 92) 2013-07-27 18:53:00 : IKE<1.1.1.2> gen_skeyid: returning 0
 * 93) 2013-07-27 18:53:00 : IKE<1.1.1.2> Decrypting payload (length 40)
 * 94) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Recv*: [ID] [HASH]
 * 95) 2013-07-27 18:53:00 : valid id checking, id type:IP Address, len:12.
 * 96) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   extract payload (40):
 * 97) 2013-07-27 18:53:00 : valid id checking, id type:IP Address, len:12.
 * 98) 2013-07-27 18:53:00 : IKE<1.1.1.2> MM in state OAK_MM_KEY_EXCH.
 * 99) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [ID]:
 * 100) 2013-07-27 18:53:00 : IKE<1.1.1.2> ID received: type=ID_IPV4_ADDR, ip = 1.1.1.2, port=500, protocol=17
 * 101) 2013-07-27 18:53:00 : IKE<1.1.1.2> peer gateway entry has no peer id configured
 * 102) 2013-07-27 18:53:00 : IKE<1.1.1.2> ID processed. return 0. sa->p1_state = 2.
 * 103) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [HASH]:
 * 104) 2013-07-27 18:53:00 : IKE<1.1.1.2> ID, len=8, type=1, pro=17, port=500,
 * 105) 2013-07-27 18:53:00 : IKE<1.1.1.2> addr=1.1.1.2
 * 106) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1 MM Responder constructing 6th message.                                    ==>  6th Packet Prepared
 * 107) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct ISAKMP header.
 * 108) 2013-07-27 18:53:00 : IKE<1.1.1.2> Msg header built (next payload #5)
 * 109) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [ID] for ISAKMP
 * 110) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [HASH]
 * 111) 2013-07-27 18:53:00 : IKE<1.1.1.2> ID, len=8, type=1, pro=17, port=500,
 * 112) 2013-07-27 18:53:00 : IKE<1.1.1.2> addr=1.1.1.1
 * 113) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Xmit*: [ID] [HASH]
 * 114) 2013-07-27 18:53:00 : IKE<1.1.1.2> Encrypt P1 payload (len 60)
 * 115) 2013-07-27 18:53:00 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 116) 2013-07-27 18:53:00 : IKE<1.1.1.2> Send Phase 1 packet (len=68)
 * 117) 2013-07-27 18:53:00 : IKE<1.1.1.2> completing Phase 1
 * 118) 2013-07-27 18:53:00 : IKE<1.1.1.2> sa_pidt = bd45154
 * 119) 2013-07-27 18:53:00 : IKE<1.1.1.2> found existing peer identity bd44ea0
 * 120) 2013-07-27 18:53:00 : IKE<1.1.1.2> peer_identity_unregister_p1_sa.
 * 121) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   delete peer identity 0xbd45154
 * 122) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   peer_identity_remove_from_peer: num entry before remove <2>
 * 123) 2013-07-27 18:53:00 : IKE<1.1.1.2> peer_idt.c peer_identity_unregister_p1_sa 685: pidt deleted.
 * 124) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 1: Completed Main mode negotiation with a -second lifetime.
 * 125) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 126) 2013-07-27 18:53:00 : IKE<1.1.1.2> ike packet, len 200, action 0
 * 127) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: received 172 bytes from socket.
 * 128) 2013-07-27 18:53:00 : IKE<1.1.1.2> ****** Recv packet if  of vsys  ******                            ==>  Ph2 1st Packet Received
 * 129) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: get 172 bytes. src port 500
 * 130) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   ISAKMP msg: len 172, nxp 8[HASH], exch 32[QM], flag 01  E
 * 131) 2013-07-27 18:53:00 : IKE<1.1.1.2> Create conn entry...
 * 132) 2013-07-27 18:53:00 : IKE<1.1.1.2>   ...done(new 708c83e5)
 * 133) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 2 msg-id : Responded to the first peer message.
 * 134) 2013-07-27 18:53:00 : IKE<1.1.1.2> Decrypting payload (length 144)
 * 135) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Recv*: [HASH] [SA] [NONCE] [ID] [ID]
 * 136) 2013-07-27 18:53:00 : valid id checking, id type:IP Subnet, len:16.
 * 137) 2013-07-27 18:53:00 : valid id checking, id type:IP Subnet, len:16.
 * 138) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   extract payload (144):
 * 139) 2013-07-27 18:53:00 : valid id checking, id type:IP Subnet, len:16.
 * 140) 2013-07-27 18:53:00 : valid id checking, id type:IP Subnet, len:16.
 * 141) 2013-07-27 18:53:00 : IKE<1.1.1.2> QM in state OAK_QM_SA_ACCEPT.
 * 142) 2013-07-27 18:53:00 : IKE<1.1.1.2> Start by finding matching member SA (verify -1/-1)
 * 143) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE: Matching policy: gw ip <1.1.1.2> peer entry id<0>
 * 144) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 145) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 146) 2013-07-27 18:53:00 : ipvx = IPV4
 * 147) 2013-07-27 18:53:00 : rcv_local_addr = 3.3.3.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 3.3.3.0
 * 148) 2013-07-27 18:53:00 : rcv_remote_addr = 4.4.4.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 4.4.4.0
 * 149) 2013-07-27 18:53:00 : ike_p2_id->local_ip = 3.3.3.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 3.3.3.0
 * 150) 2013-07-27 18:53:00 : ike_p2_id->remote_ip = 4.4.4.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 4.4.4.0
 * 151) 2013-07-27 18:53:00 : IKE<1.1.1.2> Proxy ID match: Located matching Phase 2 SA <4>.
 * 152) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [SA]:
 * 153) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   Check P2 Proposal
 * 154) 2013-07-27 18:53:00 : IKE<1.1.1.2> SA life type = seconds
 * 155) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   SA life duration (TLV) = 0x 00 00 0e 10
 * 156) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   encap mode from peer = 1.
 * 157) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   encap mode after converting it to private value = 1.
 * 158) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 2 received:
 * 159) 2013-07-27 18:53:00 : IKE<1.1.1.2> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 160) 2013-07-27 18:53:00 : IKE<1.1.1.2> proto(3), esp(2), auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 161) 2013-07-27 18:53:00 : IKE<1.1.1.2> P2 proposal [0] selected.
 * 162) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   add sa list for msg id
 * 163) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [NONCE]:
 * 164) 2013-07-27 18:53:00 : IKE<1.1.1.2> processing NONCE in phase 2.
 * 165) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [ID]:
 * 166) 2013-07-27 18:53:00 : IKE<1.1.1.2> Process [ID]:
 * 167) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 2 Responder constructing 2nd message.                                          ==>  Ph2 2nd Packet Prepared
 * 168) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct ISAKMP header.
 * 169) 2013-07-27 18:53:00 : IKE<1.1.1.2> Msg header built (next payload #8)
 * 170) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [HASH]
 * 171) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [SA] for IPSEC
 * 172) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   Set IPSEC SA attrs tunnel(1) MD5 grp0 lifetime(3600/0)
 * 173) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   Before NAT-T attr unmap: P2 prop tunnel = 1.
 * 174) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   After NAT-T attr unmap: P2 prop tunnel = 1.
 * 175) 2013-07-27 18:53:00 : IKE<1.1.1.2> Initiator P2 ID built: .^..
 * 176) 2013-07-27 18:53:00 : IKE<1.1.1.2> Responder P2 ID built: .^..
 * 177) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [NONCE] for IPSec
 * 178) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [ID] for Phase 2
 * 179) 2013-07-27 18:53:00 : id payload constructed. type(4),ip(4.4.4.0),mask(255.255.255.0), prot(0), port(0)
 * 180) 2013-07-27 18:53:00 : IKE<1.1.1.2> Construct [ID] for Phase 2
 * 181) 2013-07-27 18:53:00 : id payload constructed. type(4),ip(3.3.3.0),mask(255.255.255.0), prot(0), port(0)
 * 182) 2013-07-27 18:53:00 : IKE<1.1.1.2> construct QM HASH
 * 183) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Xmit*: [HASH] [SA] [NONCE] [ID] [ID]
 * 184) 2013-07-27 18:53:00 : IKE<1.1.1.2> Encrypt P2 payload (len 168)
 * 185) 2013-07-27 18:53:00 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 186) 2013-07-27 18:53:00 : IKE<1.1.1.2> Send Phase 2 packet (len=172)
 * 187) 2013-07-27 18:53:00 : IKE<1.1.1.2> oakley_process_quick_mode:exit
 * 188) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 189) 2013-07-27 18:53:00 : IKE<1.1.1.2> ike packet, len 80, action 0
 * 190) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: received 52 bytes from socket.
 * 191) 2013-07-27 18:53:00 : IKE<1.1.1.2> ****** Recv packet if <ethernet0/1> of vsys <Root> ******                              ==>  Ph2 3rd Packet Received
 * 192) 2013-07-27 18:53:00 : IKE<1.1.1.2> Catcher: get 52 bytes. src port 500
 * 193) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   ISAKMP msg: len 52, nxp 8[HASH], exch 32[QM], flag 01  E
 * 194) 2013-07-27 18:53:00 : IKE<1.1.1.2> Decrypting payload (length 24)
 * 195) 2013-07-27 18:53:00 : IKE<1.1.1.2        > Recv*: [HASH]
 * 196) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   extract payload (24):
 * 197) 2013-07-27 18:53:00 : IKE<1.1.1.2> QM in state OAK_QM_AUTH_AWAIT.
 * 198) 2013-07-27 18:53:00 : IKE<1.1.1.2> xauth_cleanup
 * 199) 2013-07-27 18:53:00 : IKE<1.1.1.2> Done cleaning up IKE Phase 1 SA
 * 200) 2013-07-27 18:53:00 : IKE<1.1.1.2> Start by finding matching member SA (verify 0/0)
 * 201) 2013-07-27 18:53:00 : IKE<1.1.1.2> Verify sa: index 0
 * 202) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE: Matching policy: gw ip <1.1.1.2> peer entry id<0>
 * 203) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 204) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 205) 2013-07-27 18:53:00 : ipvx = IPV4
 * 206) 2013-07-27 18:53:00 : rcv_local_addr = 3.3.3.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 3.3.3.0
 * 207) 2013-07-27 18:53:00 : rcv_remote_addr = 4.4.4.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 4.4.4.0
 * 208) 2013-07-27 18:53:00 : ike_p2_id->local_ip = 3.3.3.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 3.3.3.0
 * 209) 2013-07-27 18:53:00 : ike_p2_id->remote_ip = 4.4.4.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 4.4.4.0
 * 210) 2013-07-27 18:53:00 : IKE<1.1.1.2> Proxy ID match: Located matching Phase 2 SA <4>.
 * 211) 2013-07-27 18:53:00 : IKE<1.1.1.2> sa ID for phase 2 sa is <4>. IP version is 4.
 * 212) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   life (sec or kb): lcl 3600, peer 3600, set 3600.
 * 213) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   life (sec or kb): lcl 0, peer 0, set 0.
 * 214) 2013-07-27 18:53:00 : IKE<1.1.1.2> gen_qm_key
 * 215) 2013-07-27 18:53:00 : IKE<1.1.1.2> load_sa_keys: enter.
 * 216) 2013-07-27 18:53:00 : IKE<1.1.1.2> gen_qm_key
 * 217) 2013-07-27 18:53:00 : IKE<1.1.1.2> load_sa_keys: enter.
 * 218) 2013-07-27 18:53:00 : IKE<1.1.1.2> ikmpd.c 3962. sa ID for phase 2 sa is <4>. IP version is 4.
 * 219) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 220) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 221) 2013-07-27 18:53:00 : IKE<1.1.1.2> clean_all_sa_state_node_from_list->
 * 222) 2013-07-27 18:53:00 : IKE<1.1.1.2> no relocate earlier SA-state, not active.
 * 223) 2013-07-27 18:53:00 : IKE<1.1.1.2> key_modify: sa index <0> bk_idx <0>.
 * 224) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<0>, Incoming
 * 225) 2013-07-27 18:53:00 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<0>, Outgoing
 * 226) 2013-07-27 18:53:00 : IKE<1.1.1.2> update acvpn flags for sa 0
 * 227) 2013-07-27 18:53:00 : IKE<1.1.1.2> update acvpn flags for sa 0 - 0x400063
 * 228) 2013-07-27 18:53:00 : IKE<1.1.1.2>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 229) 2013-07-27 18:53:00 : IKE<1.1.1.2> modify esp tunnel: src (peer) ipv4 <1.1.1.2>
 * 230) 2013-07-27 18:53:00 : IKE<1.1.1.2> modifying esp tunnel: self <ipv4 1.1.1.1>
 * 231) 2013-07-27 18:53:00 : IKE<1.1.1.2> update auto NHTB status for sa 0
 * 232) 2013-07-27 18:53:00 : IKE<1.1.1.2> after mod, out nsptunnel.
 * 233) 2013-07-27 18:53:00 : IKE<1.1.1.2> Phase 2 msg-id : Completed Quick Mode negotiation with SPI, tunnel ID <4>, and lifetime seconds/<0> KB.
 * 234) 2013-07-27 18:53:00 : IKE<1.1.1.2> Application sa installed.
 * 235) 2013-07-27 18:53:00 : IKE<1.1.1.2> oakley_process_quick_mode:exit
 * 236) 2013-07-27 18:53:00 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 237) 2013-07-27 18:53:02 : IKE<0.0.0.0        >   finished job pkaidx <0> dh_len<96> dmax<64>
 * 238) 2013-07-27 18:53:02 : IKE<0.0.0.0        >   finished job d
 * 239) 2013-07-27 18:53:02 : IKE<0.0.0.0        > BN, top24 dmax64 zero<no>
 * 240) 2013-07-27 18:53:23 : sys_set_peer_vpn->
 * 241) 2013-07-27 18:53:23 : IKE<1.1.1.2> setIkeConfig->
 * 242) 2013-07-27 18:53:23 : peer_ent->peer_gw_ipaddr = 1.1.1.2, pVpnEntry->vpn_gateway = 1.1.1.2
 * 243) 2013-07-27 18:53:23 : peer_ent->peer_local_addr = 1.1.1.1
 * 244) 2013-07-27 18:53:23 : sys_modify_vpn->
 * 245) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   VerifyP2Proposals->
 * 246) 2013-07-27 18:53:23 : IKE<1.1.1.2> mod vpn vpn1: SPI 0/0, passwd
 * 247) 2013-07-27 18:53:23 : IKE<1.1.1.2> vpn_modify->
 * 248) 2013-07-27 18:53:23 : IKE<1.1.1.2> fix_vpn_key->
 * 249) 2013-07-27 18:53:23 : IKE<1.1.1.2> fix_vpn_key exit
 * 250) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   getProfileFromP2Proposal->
 * 251) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   proposal[0] idx<1> proto<3> auth<1> encrypt<1>
 * 252) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   0 profile[0]=<00000003 00000000 00000002 00000001 00000001 00000000>
 * 253) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa->
 * 254) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec->
 * 255) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec: phase 2 idle time <0>.
 * 256) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec exit
 * 257) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec->
 * 258) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec: phase 2 idle time <0>.
 * 259) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa_ipsec exit
 * 260) 2013-07-27 18:53:23 : IKE<1.1.1.2> update_sa exit
 * 261) 2013-07-27 18:53:23 : IKE<1.1.1.2> vpn modify sa: tunnel local v4 IP 1.1.1.1.
 * 262) 2013-07-27 18:53:23 : IKE<1.1.1.2> modify key, send delete if needed.
 * 263) 2013-07-27 18:53:23 : IKE<1.1.1.2> deactive p2 sa 0 send_delete 1
 * 264) 2013-07-27 18:53:23 : IKE<1.1.1.2> Send IPSEC delete for sa 0, mode 1
 * 265) 2013-07-27 18:53:23 : IKE<1.1.1.2> isadb_get_entry_by_peer_and_local_if_port_p2sa isadb get entry by peer/local ip and port
 * 266) 2013-07-27 18:53:23 : IKE<1.1.1.2> sending phase 2 (SA0) delete to <ip 1.1.1.2> spi
 * 267) 2013-07-27 18:53:23 : IKE<1.1.1.2> Create conn entry...
 * 268) 2013-07-27 18:53:23 : IKE<1.1.1.2>   ...done(new 7738ad33)
 * 269) 2013-07-27 18:53:23 : IKE<1.1.1.2> Construct ISAKMP header.
 * 270) 2013-07-27 18:53:23 : IKE<1.1.1.2> Msg header built (next payload #8)
 * 271) 2013-07-27 18:53:23 : IKE<1.1.1.2> Construct [HASH]
 * 272) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   Construct [DELETE] for IPSec
 * 273) 2013-07-27 18:53:23 : IKE<0.0.0.0        >     ipsec del payload constructed, protocol=3, spi=9f0446d5
 * 274) 2013-07-27 18:53:23 : IKE<1.1.1.2> construct QM HASH
 * 275) 2013-07-27 18:53:23 : IKE<1.1.1.2        > Xmit*: [HASH] [DELETE]                                             ==>  DELETE Sent
 * 276) 2013-07-27 18:53:23 : IKE<1.1.1.2> Encrypt P2 payload (len 64)
 * 277) 2013-07-27 18:53:23 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 278) 2013-07-27 18:53:23 : IKE<1.1.1.2> Send Phase 2 packet (len=68)
 * 279) 2013-07-27 18:53:23 : IKE<1.1.1.2> ipsec delete packet sent, type=3, spi=9f0446d5
 * 280) 2013-07-27 18:53:23 : IKE<1.1.1.2>   Delete conn entry...
 * 281) 2013-07-27 18:53:23 : IKE<1.1.1.2>  ...found conn entry(33ad3877)
 * 282) 2013-07-27 18:53:23 : IKE<1.1.1.2> clean_all_sa_state_node_from_list->
 * 283) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.1>
 * 284) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.2>
 * 285) 2013-07-27 18:53:23 : IKE<1.1.1.2> clean_all_sa_state_node_from_list->
 * 286) 2013-07-27 18:53:23 : IKE<1.1.1.2> no relocate earlier SA-state, not active.
 * 287) 2013-07-27 18:53:23 : IKE<1.1.1.2> key_modify: sa index <0> bk_idx <0>.
 * 288) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   SPI = 0, do not insert
 * 289) 2013-07-27 18:53:23 : IKE<0.0.0.0        >   SPI = 0, do not insert
 * 290) 2013-07-27 18:53:23 : IKE<1.1.1.2> update acvpn flags for sa 0
 * 291) 2013-07-27 18:53:23 : IKE<1.1.1.2> update acvpn flags for sa 0 - 0x400020
 * 292) 2013-07-27 18:53:23 : IKE<1.1.1.2>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 293) 2013-07-27 18:53:23 : IKE<1.1.1.2> modify esp tunnel: src (peer) ipv4 <1.1.1.2>
 * 294) 2013-07-27 18:53:23 : IKE<1.1.1.2> modifying esp tunnel: self <ipv4 1.1.1.1>
 * 295) 2013-07-27 18:53:23 : IKE<1.1.1.2> update auto NHTB status for sa 0
 * 296) 2013-07-27 18:53:23 : IKE<1.1.1.2> turning off monitor on the vpn.
 * 297) 2013-07-27 18:53:23 : IKE<1.1.1.2> vpn_modify exit 0
 * 298) 2013-07-27 18:53:26 : IKE<1.1.1.2> ****** Recv kernel msg IDX-0, TYPE-5 ******
 * 299) 2013-07-27 18:53:26 : IKE<1.1.1.2> ****** Recv kernel msg IDX-0, TYPE-5 ******
 * 300) 2013-07-27 18:53:26 : IKE<1.1.1.2> sa orig index<0>, peer_id<1>.
 * 301) 2013-07-27 18:53:26 : IKE<1.1.1.2> isadb_get_entry_by_peer_and_local_if_port_p2sa isadb get entry by peer/local ip and port
 * 302) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase 2: Initiated negotiation, p1 state (3/80522f).
 * 303) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase-2: start quick mode negotiation
 * 304) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase-2: no tunnel interface binding for Modecfg IPv4 address.
 * 305) 2013-07-27 18:53:26 : IKE<1.1.1.2> Create conn entry...
 * 306) 2013-07-27 18:53:26 : IKE<1.1.1.2>   ...done(new a6261908)
 * 307) 2013-07-27 18:53:26 : IKE<1.1.1.2> Initiator not set commit bit on 1st QM.
 * 308) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   add sa list for msg id
 * 309) 2013-07-27 18:53:26 : IKE<1.1.1.2> 0,0/0(0)/spi(d646049f)/keylen(0)
 * 310) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct ISAKMP header.
 * 311) 2013-07-27 18:53:26 : IKE<1.1.1.2> Msg header built (next payload #8)
 * 312) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [HASH]
 * 313) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [SA] for IPSEC
 * 314) 2013-07-27 18:53:26 : IKE<1.1.1.2> Set IPSEC SA attrs: lifetime(3600/0)
 * 315) 2013-07-27 18:53:26 : IKE<1.1.1.2> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 316) 2013-07-27 18:53:26 : IKE<1.1.1.2> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 317) 2013-07-27 18:53:26 : IKE<1.1.1.2> Before NAT-T attr unmap: private tunnel = 1.
 * 318) 2013-07-27 18:53:26 : IKE<1.1.1.2> After NAT-T attr unmap: private tunnel = 1.
 * 319) 2013-07-27 18:53:26 : IKE<1.1.1.2> Policy have separate SA. Use P2 ID from policy sa (4).
 * 320) 2013-07-27 18:53:26 : IKE<1.1.1.2> Initiator P2 ID built: ._=
 * 321) 2013-07-27 18:53:26 : IKE<1.1.1.2> Responder P2 ID built: ._=
 * 322) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [NONCE] for IPSec
 * 323) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [ID] for Phase 2
 * 324) 2013-07-27 18:53:26 : id payload constructed. type(4),ip(3.3.3.0),mask(255.255.255.0), prot(0), port(0)
 * 325) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [ID] for Phase 2
 * 326) 2013-07-27 18:53:26 : id payload constructed. type(4),ip(4.4.4.0),mask(255.255.255.0), prot(0), port(0)
 * 327) 2013-07-27 18:53:26 : IKE<1.1.1.2> construct QM HASH
 * 328) 2013-07-27 18:53:26 : IKE<1.1.1.2        > Xmit*: [HASH] [SA] [NONCE] [ID] [ID]                                                 ==>  Ph2 1st Packet Sent
 * 329) 2013-07-27 18:53:26 : IKE<1.1.1.2> Encrypt P2 payload (len 168)
 * 330) 2013-07-27 18:53:26 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 331) 2013-07-27 18:53:26 : IKE<1.1.1.2> Send Phase 2 packet (len=172)
 * 332) 2013-07-27 18:53:26 : IKE<1.1.1.2> negotiating p2 -195084 seconds before SA expires
 * 333) 2013-07-27 18:53:26 : IKE<1.1.1.2> ike packet, len 200, action 0
 * 334) 2013-07-27 18:53:26 : IKE<1.1.1.2> Catcher: received 172 bytes from socket.
 * 335) 2013-07-27 18:53:26 : IKE<1.1.1.2> ****** Recv packet if <ethernet0/1> of vsys <Root> ******                                    ==>  Ph2 2nd Packet Received
 * 336) 2013-07-27 18:53:26 : IKE<1.1.1.2> Catcher: get 172 bytes. src port 500
 * 337) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   ISAKMP msg: len 172, nxp 8[HASH], exch 32[QM], flag 01  E
 * 338) 2013-07-27 18:53:26 : IKE<1.1.1.2> Decrypting payload (length 144)
 * 339) 2013-07-27 18:53:26 : IKE<1.1.1.2        > Recv*: [HASH] [SA] [NONCE] [ID] [ID]
 * 340) 2013-07-27 18:53:26 : valid id checking, id type:IP Subnet, len:16.
 * 341) 2013-07-27 18:53:26 : valid id checking, id type:IP Subnet, len:16.
 * 342) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   extract payload (144):
 * 343) 2013-07-27 18:53:26 : valid id checking, id type:IP Subnet, len:16.
 * 344) 2013-07-27 18:53:26 : valid id checking, id type:IP Subnet, len:16.
 * 345) 2013-07-27 18:53:26 : IKE<1.1.1.2> QM in state OAK_QM_SA_ACCEPT.
 * 346) 2013-07-27 18:53:26 : IKE<1.1.1.2> Process [SA]:
 * 347) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   Check P2 Proposal
 * 348) 2013-07-27 18:53:26 : IKE<1.1.1.2> SA life type = seconds
 * 349) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   SA life duration (TLV) = 0x 00 00 0e 10
 * 350) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   encap mode from peer = 1.
 * 351) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   encap mode after converting it to private value = 1.
 * 352) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase 2 received:
 * 353) 2013-07-27 18:53:26 : IKE<1.1.1.2> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 354) 2013-07-27 18:53:26 : IKE<1.1.1.2> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 355) 2013-07-27 18:53:26 : IKE<1.1.1.2> P2 proposal [0] selected.
 * 356) 2013-07-27 18:53:26 : IKE<1.1.1.2> Process [NONCE]:
 * 357) 2013-07-27 18:53:26 : IKE<1.1.1.2> processing NONCE in phase 2.
 * 358) 2013-07-27 18:53:26 : IKE<1.1.1.2> Process [ID]:
 * 359) 2013-07-27 18:53:26 : IKE<1.1.1.2> Process [ID]:
 * 360) 2013-07-27 18:53:26 : IKE<1.1.1.2> Start by finding matching member SA (verify 0/0)
 * 361) 2013-07-27 18:53:26 : IKE<1.1.1.2> Verify sa: index 0
 * 362) 2013-07-27 18:53:26 : IKE<1.1.1.2> IKE: Matching policy: gw ip <1.1.1.2> peer entry id<0>
 * 363) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 364) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 365) 2013-07-27 18:53:26 : ipvx = IPV4
 * 366) 2013-07-27 18:53:26 : rcv_local_addr = 3.3.3.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 3.3.3.0
 * 367) 2013-07-27 18:53:26 : rcv_remote_addr = 4.4.4.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 4.4.4.0
 * 368) 2013-07-27 18:53:26 : ike_p2_id->local_ip = 3.3.3.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 3.3.3.0
 * 369) 2013-07-27 18:53:26 : ike_p2_id->remote_ip = 4.4.4.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 4.4.4.0
 * 370) 2013-07-27 18:53:26 : IKE<1.1.1.2> Proxy ID match: Located matching Phase 2 SA <4>.
 * 371) 2013-07-27 18:53:26 : IKE<1.1.1.2> sa ID for phase 2 sa is <4>. IP version is 4.
 * 372) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   life (sec or kb): lcl 3600, peer 3600, set 3600.
 * 373) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   life (sec or kb): lcl 0, peer 0, set 0.
 * 374) 2013-07-27 18:53:26 : IKE<1.1.1.2> gen_qm_key
 * 375) 2013-07-27 18:53:26 : IKE<1.1.1.2> load_sa_keys: enter.
 * 376) 2013-07-27 18:53:26 : IKE<1.1.1.2> gen_qm_key
 * 377) 2013-07-27 18:53:26 : IKE<1.1.1.2> load_sa_keys: enter.
 * 378) 2013-07-27 18:53:26 : IKE<1.1.1.2> ikmpd.c 3962. sa ID for phase 2 sa is <4>. IP version is 4.
 * 379) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 380) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 381) 2013-07-27 18:53:26 : IKE<1.1.1.2> clean_all_sa_state_node_from_list->
 * 382) 2013-07-27 18:53:26 : IKE<1.1.1.2> no relocate earlier SA-state, not active.
 * 383) 2013-07-27 18:53:26 : IKE<1.1.1.2> key_modify: sa index <0> bk_idx <0>.
 * 384) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<0>, Incoming
 * 385) 2013-07-27 18:53:26 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<0>, Outgoing
 * 386) 2013-07-27 18:53:26 : IKE<1.1.1.2> update acvpn flags for sa 0
 * 387) 2013-07-27 18:53:26 : IKE<1.1.1.2> update acvpn flags for sa 0 - 0x4000e3
 * 388) 2013-07-27 18:53:26 : IKE<1.1.1.2>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 389) 2013-07-27 18:53:26 : IKE<1.1.1.2> modify esp tunnel: src (peer) ipv4 <1.1.1.2>
 * 390) 2013-07-27 18:53:26 : IKE<1.1.1.2> modifying esp tunnel: self <ipv4 1.1.1.1>
 * 391) 2013-07-27 18:53:26 : IKE<1.1.1.2> update auto NHTB status for sa 0
 * 392) 2013-07-27 18:53:26 : IKE<1.1.1.2> after mod, out nsptunnel.
 * 393) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase 2 msg-id : Completed Quick Mode negotiation with SPI, tunnel ID <4>, and lifetime seconds/<0> KB.
 * 394) 2013-07-27 18:53:26 : IKE<1.1.1.2> Application sa installed.
 * 395) 2013-07-27 18:53:26 : IKE<1.1.1.2> Phase 2 Initiator constructing 3rd(last) message.                                           ==>  Ph2 3rd Packet Prepared
 * 396) 2013-07-27 18:53:26 : IKE<1.1.1.2> oakley_final_qm:enter
 * 397) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct ISAKMP header.
 * 398) 2013-07-27 18:53:26 : IKE<1.1.1.2> Msg header built (next payload #8)
 * 399) 2013-07-27 18:53:26 : IKE<1.1.1.2> Construct [HASH] in QM
 * 400) 2013-07-27 18:53:26 : IKE<1.1.1.2> oakley_final_qm:exit
 * 401) 2013-07-27 18:53:26 : IKE<1.1.1.2        > Xmit*: [HASH]
 * 402) 2013-07-27 18:53:26 : IKE<1.1.1.2> Encrypt P2 payload (len 48)
 * 403) 2013-07-27 18:53:26 : IKE<1.1.1.2> Responder sending IPv4 IP 1.1.1.2/port 500
 * 404) 2013-07-27 18:53:26 : IKE<1.1.1.2> Send Phase 2 packet (len=52)
 * 405) 2013-07-27 18:53:26 : IKE<1.1.1.2> oakley_process_quick_mode:exit
 * 406) 2013-07-27 18:53:26 : IKE<1.1.1.2> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 407) 2013-07-27 18:53:30 : IKE<1.1.1.2>   Delete conn entry...
 * 408) 2013-07-27 18:53:30 : IKE<1.1.1.2>  ...found conn entry(e5838c70)

FW1 get config
 SSG320-.140-> get config
 set interface "ethernet0/1" zone "Untrust"
 set interface "loopback.1" zone "Trust"
 set interface ethernet0/1 ip 1.1.1.1/24
 set interface loopback.1 ip 3.3.3.3/24
 set ike gateway "vpn1" address 1.1.1.2 Main outgoing-interface "ethernet0/1" preshare "ffobK5U/NgSP1GsMhmCG7yC9HhnmpKigdw==" proposal "pre-g1-des-md5"
 set ike respond-bad-spi 1
 set ike ikev2 ike-sa-soft-lifetime 60
 set ipsec access-session maximum 5000
 set ipsec access-session upper-threshold 0
 set ipsec access-session lower-threshold 0
 set ipsec access-session dead-p2-sa-timeout 0
 set vpn "vpn1" gateway "vpn1" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5"
 set vpn "vpn1" monitor rekey
 set policy id 10 from "Untrust" to "Trust" "4.4.4.0/24" "3.3.3.0/24" "ANY" tunnel vpn "vpn1" id 0x4 pair-policy 9 log
 set policy id 10
 set policy id 9 from "Trust" to "Untrust" "3.3.3.0/24" "4.4.4.0/24" "ANY" tunnel vpn "vpn1" id 0x4 pair-policy 10 log
 set policy id 9
 set route 4.4.4.0/24 interface ethernet0/1 gateway 1.1.1.2

FW1 get sa
 SSG320-.140->get sa
 total configured sa: 1
 HEX ID   Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
 00000004<        1.1.1.2  500 esp: des/md5  00000000 expir unlim I/I    10 0
 00000004>        1.1.1.2  500 esp: des/md5  00000000 expir unlim I/I     9 0

 SSG320-.140->get sa
 total configured sa: 1
 HEX ID   Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
 00000004<        1.1.1.2  500 esp: des/md5  9f0446d1  3569 unlim A/U    10 0
 00000004>        1.1.1.2  500 esp: des/md5  ff157fcb  3569 unlim A/U     9 0

FW1 get ike cookie
SSG320-.140-> get ike cookie

IKEv1 SA -- Active: 1, Dead: 0, Total 1

 80522f/0003, 1.1.1.2:500->1.1.1.1:500, PRESHR/grp1/DES/MD5, xchg(2) (vpn1/grp-1/usr-1)
 resent-tmr 27746560 lifetime 28800 lt-recv 28800 nxt_rekey 28765 cert-expire 0
 responder, err cnt 0, send dir 1, cond 0x0
 nat-traversal map not available
 ike heartbeat             : disabled
 ike heartbeat last rcv time: 0
 ike heartbeat last snd time: 0
 XAUTH status: 0
 DPD seq local 0, peer 0

IKEv2 SA -- Active: 0, Dead: 0, Total 0

FW1 get vpn
 SSG320-.140-> get vpn
 Name           Gateway         Mode RPlay 1st Proposal         Monitor Use Cnt Interface
 --- --- -  --- --- ---
 vpn1            vpn1            tunl No    nopfs-esp-des-md5    on            2 eth0/1
 Total Auto VPN: 1
 Total Pure Transport Mode IPSEC VPN: 0

 Name      Gateway         Interface       Lcl SPI  Rmt SPI  Algorithm        Monitor Tunnel ID
 -- --- ---    --- --
 Total Manual VPN 0

=FW2 debug ike detail=

SSG520-> get db str SSG520->
 * 1) 2013-07-27 18:56:49 : sys_set_peer_vpn->
 * 2) 2013-07-27 18:56:49 : IKE<1.1.1.1> setIkeConfig->
 * 3) 2013-07-27 18:56:49 : peer_ent->peer_gw_ipaddr = 1.1.1.1, pVpnEntry->vpn_gateway = 1.1.1.1
 * 4) 2013-07-27 18:56:49 : peer_ent->peer_local_addr = 1.1.1.2
 * 5) 2013-07-27 18:56:49 : sys_modify_vpn->
 * 6) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   VerifyP2Proposals->
 * 7) 2013-07-27 18:56:49 : IKE<1.1.1.1> mod vpn vpn2: SPI 0/0, passwd
 * 8) 2013-07-27 18:56:49 : IKE<1.1.1.1> vpn_modify->
 * 9) 2013-07-27 18:56:49 : IKE<1.1.1.1> fix_vpn_key->
 * 10) 2013-07-27 18:56:49 : IKE<1.1.1.1> fix_vpn_key exit
 * 11) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   getProfileFromP2Proposal->
 * 12) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   proposal[0] idx<1> proto<3> auth<1> encrypt<1>
 * 13) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   0 profile[0]=<00000003 00000000 00000002 00000001 00000001 00000000>
 * 14) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa->
 * 15) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec->
 * 16) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec: phase 2 idle time <0>.
 * 17) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec exit
 * 18) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec->
 * 19) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec: phase 2 idle time <0>.
 * 20) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa_ipsec exit
 * 21) 2013-07-27 18:56:49 : IKE<1.1.1.1> update_sa exit
 * 22) 2013-07-27 18:56:49 : IKE<1.1.1.1> vpn modify sa: tunnel local v4 IP 1.1.1.2.
 * 23) 2013-07-27 18:56:49 : IKE<1.1.1.1> modify key, send delete if needed.
 * 24) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.2>
 * 25) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.1>
 * 26) 2013-07-27 18:56:49 : IKE<1.1.1.1> clean_all_sa_state_node_from_list->
 * 27) 2013-07-27 18:56:49 : IKE<1.1.1.1> no relocate earlier SA-state, not active.
 * 28) 2013-07-27 18:56:49 : IKE<1.1.1.1> key_modify: sa index <1> bk_idx <1>.
 * 29) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   SPI = 0, do not insert
 * 30) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   SPI = 0, do not insert
 * 31) 2013-07-27 18:56:49 : IKE<1.1.1.1> update acvpn flags for sa 1
 * 32) 2013-07-27 18:56:49 : IKE<1.1.1.1> update acvpn flags for sa 1 - 0x400020
 * 33) 2013-07-27 18:56:49 : IKE<1.1.1.1>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 34) 2013-07-27 18:56:49 : IKE<1.1.1.1> modify esp tunnel: src (peer) ipv4 <1.1.1.1>
 * 35) 2013-07-27 18:56:49 : IKE<1.1.1.1> modifying esp tunnel: self <ipv4 1.1.1.2>
 * 36) 2013-07-27 18:56:49 : IKE<1.1.1.1> update auto NHTB status for sa 1
 * 37) 2013-07-27 18:56:49 : IKE<1.1.1.1> turning off monitor on the vpn.
 * 38) 2013-07-27 18:56:49 : IKE<1.1.1.1> vpn_modify exit 0
 * 39) 2013-07-27 18:56:49 : IKE<1.1.1.1> clear auto sa sent: 1
 * 40) 2013-07-27 18:56:49 : IKE<0.0.0.0        >   I got hit by mail. 1
 * 41) 2013-07-27 18:56:49 : IKE<1.1.1.1> clear sa recv: 1
 * 42) 2013-07-27 18:56:49 : IKE<1.1.1.1> deactive p2 sa 1 send_delete 1
 * 43) 2013-07-27 18:56:59 : IKE<1.1.1.1> clear auto sa sent: 1
 * 44) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   I got hit by mail. 1
 * 45) 2013-07-27 18:56:59 : IKE<1.1.1.1> clear sa recv: 1
 * 46) 2013-07-27 18:56:59 : IKE<1.1.1.1> deactive p2 sa 1 send_delete 1
 * 47) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv kernel msg IDX-1, TYPE-5 ******
 * 48) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv kernel msg IDX-1, TYPE-5 ******
 * 49) 2013-07-27 18:56:59 : IKE<1.1.1.1> sa orig index<1>, peer_id<1>.
 * 50) 2013-07-27 18:56:59 : IKE<1.1.1.1> isadb_get_entry_by_peer_and_local_if_port_p2sa isadb get entry by peer/local ip and port
 * 51) 2013-07-27 18:56:59 : IKE<1.1.1.1>   create sa: 1.1.1.2->1.1.1.1
 * 52) 2013-07-27 18:56:59 : getProfileFromP1Proposal->
 * 53) 2013-07-27 18:56:59 : find profile[0]=<00000001 00000001 00000001 00000001> for p1 proposal (id 0), xauth(0)
 * 54) 2013-07-27 18:56:59 : init p1sa, pidt = 0x0
 * 55) 2013-07-27 18:56:59 : change peer identity for p1 sa, pidt = 0x0
 * 56) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   peer_identity_create_with_uid: uid<0>
 * 57) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   create peer identity 0x257c614
 * 58) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry before add <1>
 * 59) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry after add <2>
 * 60) 2013-07-27 18:56:59 : peer identity 257c614 created.
 * 61) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   EDIPI disabled
 * 62) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 1: Initiated negotiation in main mode. <1.1.1.2 => 1.1.1.1>
 * 63) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct ISAKMP header.
 * 64) 2013-07-27 18:56:59 : IKE<1.1.1.1> Msg header built (next payload #1)
 * 65) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [SA] for ISAKMP
 * 66) 2013-07-27 18:56:59 : IKE<1.1.1.1> auth(1)<PRESHRD>, encr(1)<DES>, hash(1)<MD5>, group(1)
 * 67) 2013-07-27 18:56:59 : IKE<1.1.1.1> xauth attribute: disabled
 * 68) 2013-07-27 18:56:59 : IKE<1.1.1.1> lifetime/lifesize (28800/0)
 * 69) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   set_phase1_transform, dh_group(1).
 * 70) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct NetScreen [VID]
 * 71) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct custom [VID]
 * 72) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct custom [VID]
 * 73) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Xmit : [SA] [VID] [VID] [VID]
 * 74) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 75) 2013-07-27 18:56:59 : IKE<1.1.1.1> Send Phase 1 packet (len=156)
 * 76) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 2 task added
 * 77) 2013-07-27 18:56:59 : IKE<1.1.1.1> ike packet, len 184, action 0
 * 78) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: received 156 bytes from socket.
 * 79) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 80) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: get 156 bytes. src port 500
 * 81) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   ISAKMP msg: len 156, nxp 1[SA], exch 2[MM], flag 00
 * 82) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Recv : [SA] [VID] [VID] [VID]
 * 83) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   extract payload (128):
 * 84) 2013-07-27 18:56:59 : IKE<1.1.1.1> MM in state OAK_MM_NO_STATE.
 * 85) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [VID]:
 * 86) 2013-07-27 18:56:59 : IKE<1.1.1.1        >   Vendor ID:
 * 87) 2013-07-27 18:56:59 : c3 28 9f 97 ea dc 9d 4f  2a 9e 7a 81 8f 1e 2a fe
 * 88) 2013-07-27 18:56:59 : c7 52 b3 52 18 00 00 00  1e 06 00 00
 * 89) 2013-07-27 18:56:59 : IKE<1.1.1.1> peer is an NetScreen box, model=SSG-320M, ver=6.30
 * 90) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [VID]:
 * 91) 2013-07-27 18:56:59 : IKE<1.1.1.1        >   Vendor ID:
 * 92) 2013-07-27 18:56:59 : af ca d7 13 68 a1 f1 c9  6b 86 96 fc 77 57 01 00
 * 93) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [VID]:
 * 94) 2013-07-27 18:56:59 : IKE<1.1.1.1        >   Vendor ID:
 * 95) 2013-07-27 18:56:59 : 48 65 61 72 74 42 65 61  74 5f 4e 6f 74 69 66 79
 * 96) 2013-07-27 18:56:59 : 38 6b 01 00
 * 97) 2013-07-27 18:56:59 : IKE<1.1.1.1> rcv HeartBeat vid, ver 1.0
 * 98) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [SA]:
 * 99) 2013-07-27 18:56:59 : IKE<1.1.1.1> Proposal received: xauthflag 0
 * 100) 2013-07-27 18:56:59 : IKE<1.1.1.1> auth(1)<PRESHRD>, encr(1)<DES>, hash(1)<MD5>, group(1)
 * 101) 2013-07-27 18:56:59 : IKE<1.1.1.1> xauth attribute: disabled
 * 102) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 1 proposal [0] selected.
 * 103) 2013-07-27 18:56:59 : IKE<1.1.1.1> SA Life Type = seconds
 * 104) 2013-07-27 18:56:59 : IKE<1.1.1.1> SA lifetime (TV) = 28800
 * 105) 2013-07-27 18:56:59 : IKE<1.1.1.1> DH_BG_consume OK. p1 resp
 * 106) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 1 MM Initiator constructing 3rd message.
 * 107) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct ISAKMP header.
 * 108) 2013-07-27 18:56:59 : IKE<1.1.1.1> Msg header built (next payload #4)
 * 109) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [KE] for ISAKMP
 * 110) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [NONCE]
 * 111) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Xmit : [KE] [NONCE]
 * 112) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 113) 2013-07-27 18:56:59 : IKE<1.1.1.1> Send Phase 1 packet (len=164)
 * 114) 2013-07-27 18:56:59 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<1/804207>
 * 115) 2013-07-27 18:56:59 : IKE<1.1.1.1> ike packet, len 192, action 0
 * 116) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: received 164 bytes from socket.
 * 117) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 118) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: get 164 bytes. src port 500
 * 119) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   ISAKMP msg: len 164, nxp 4[KE], exch 2[MM], flag 00
 * 120) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Recv : [KE] [NONCE]
 * 121) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   extract payload (136):
 * 122) 2013-07-27 18:56:59 : IKE<1.1.1.1> MM in state OAK_MM_SA_SETUP.
 * 123) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [KE]:
 * 124) 2013-07-27 18:56:59 : IKE<1.1.1.1> processing ISA_KE in phase 1.
 * 125) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase1: his_DH_pub_len is 96
 * 126) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [NONCE]:
 * 127) 2013-07-27 18:56:59 : IKE<1.1.1.1> processing NONCE in phase 1.
 * 128) 2013-07-27 18:56:59 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<1/a80420f>
 * 129) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   finished job pkaidx <0> dh_len<96> dmax<64>
 * 130) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   finished job d
 * 131) 2013-07-27 18:56:59 : IKE<1.1.1.1> gen_skeyid
 * 132) 2013-07-27 18:56:59 : IKE<1.1.1.1> gen_skeyid: returning 0
 * 133) 2013-07-27 18:56:59 : IKE<1.1.1.1> MM in state OAK_MM_SA_SETUP.
 * 134) 2013-07-27 18:56:59 : IKE<1.1.1.1> re-enter MM after offline DH done
 * 135) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 1 MM Initiator constructing 5th message.
 * 136) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct ISAKMP header.
 * 137) 2013-07-27 18:56:59 : IKE<1.1.1.1> Msg header built (next payload #5)
 * 138) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [ID] for ISAKMP
 * 139) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [HASH]
 * 140) 2013-07-27 18:56:59 : IKE<1.1.1.1> ID, len=8, type=1, pro=17, port=500,
 * 141) 2013-07-27 18:56:59 : IKE<1.1.1.1> addr=1.1.1.2
 * 142) 2013-07-27 18:56:59 : IKE<1.1.1.1> throw packet to the peer, paket_len=60
 * 143) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Xmit*: [ID] [HASH]
 * 144) 2013-07-27 18:56:59 : IKE<1.1.1.1> Encrypt P1 payload (len 60)
 * 145) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 146) 2013-07-27 18:56:59 : IKE<1.1.1.1> Send Phase 1 packet (len=68)
 * 147) 2013-07-27 18:56:59 : IKE<1.1.1.1> ike packet, len 96, action 0
 * 148) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: received 68 bytes from socket.
 * 149) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 150) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: get 68 bytes. src port 500
 * 151) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   ISAKMP msg: len 68, nxp 5[ID], exch 2[MM], flag 01  E
 * 152) 2013-07-27 18:56:59 : IKE<1.1.1.1> Decrypting payload (length 40)
 * 153) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Recv*: [ID] [HASH]
 * 154) 2013-07-27 18:56:59 : valid id checking, id type:IP Address, len:12.
 * 155) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   extract payload (40):
 * 156) 2013-07-27 18:56:59 : valid id checking, id type:IP Address, len:12.
 * 157) 2013-07-27 18:56:59 : IKE<1.1.1.1> MM in state OAK_MM_KEY_EXCH.
 * 158) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [ID]:
 * 159) 2013-07-27 18:56:59 : IKE<1.1.1.1> ID received: type=ID_IPV4_ADDR, ip = 1.1.1.1, port=500, protocol=17
 * 160) 2013-07-27 18:56:59 : IKE<1.1.1.1> peer gateway entry has no peer id configured
 * 161) 2013-07-27 18:56:59 : IKE<1.1.1.1> ID processed. return 0. sa->p1_state = 2.
 * 162) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [HASH]:
 * 163) 2013-07-27 18:56:59 : IKE<1.1.1.1> ID, len=8, type=1, pro=17, port=500,
 * 164) 2013-07-27 18:56:59 : IKE<1.1.1.1> addr=1.1.1.1
 * 165) 2013-07-27 18:56:59 : IKE<1.1.1.1> completing Phase 1
 * 166) 2013-07-27 18:56:59 : IKE<1.1.1.1> sa_pidt = 257c614
 * 167) 2013-07-27 18:56:59 : IKE<1.1.1.1> found existing peer identity 257c360
 * 168) 2013-07-27 18:56:59 : IKE<1.1.1.1> peer_identity_unregister_p1_sa.
 * 169) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   delete peer identity 0x257c614
 * 170) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   peer_identity_remove_from_peer: num entry before remove <2>
 * 171) 2013-07-27 18:56:59 : IKE<1.1.1.1> peer_idt.c peer_identity_unregister_p1_sa 686: pidt deleted.
 * 172) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 1: Completed Main mode negotiation with a -second lifetime.
 * 173) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 2: Initiated Quick Mode negotiation.
 * 174) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase-2: start quick mode negotiation
 * 175) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase-2: no tunnel interface binding for Modecfg IPv4 address.
 * 176) 2013-07-27 18:56:59 : IKE<1.1.1.1> Create conn entry...
 * 177) 2013-07-27 18:56:59 : IKE<1.1.1.1>   ...done(new 708c83e5)
 * 178) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator not set commit bit on 1st QM.
 * 179) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   add sa list for msg id
 * 180) 2013-07-27 18:56:59 : IKE<1.1.1.1> get_unique_spi 0, 4279599054, ff157fce
 * 181) 2013-07-27 18:56:59 : IKE<1.1.1.1> 0,0/0(0)/spi(ce7f15ff)/keylen(0)
 * 182) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct ISAKMP header.
 * 183) 2013-07-27 18:56:59 : IKE<1.1.1.1> Msg header built (next payload #8)
 * 184) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [HASH]
 * 185) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [SA] for IPSEC
 * 186) 2013-07-27 18:56:59 : IKE<1.1.1.1> Set IPSEC SA attrs: lifetime(3600/0)
 * 187) 2013-07-27 18:56:59 : IKE<1.1.1.1> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 188) 2013-07-27 18:56:59 : IKE<1.1.1.1> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 189) 2013-07-27 18:56:59 : IKE<1.1.1.1> Before NAT-T attr unmap: private tunnel = 1.
 * 190) 2013-07-27 18:56:59 : IKE<1.1.1.1> After NAT-T attr unmap: private tunnel = 1.
 * 191) 2013-07-27 18:56:59 : IKE<1.1.1.1> Policy have separate SA. Use P2 ID from policy sa (4).
 * 192) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator P2 ID built: .9=
 * 193) 2013-07-27 18:56:59 : IKE<1.1.1.1> Responder P2 ID built: .9=
 * 194) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [NONCE] for IPSec
 * 195) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [ID] for Phase 2
 * 196) 2013-07-27 18:56:59 : id payload constructed. type(4),ip(4.4.4.0),mask(255.255.255.0), prot(0), port(0)
 * 197) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [ID] for Phase 2
 * 198) 2013-07-27 18:56:59 : id payload constructed. type(4),ip(3.3.3.0),mask(255.255.255.0), prot(0), port(0)
 * 199) 2013-07-27 18:56:59 : IKE<1.1.1.1> construct QM HASH
 * 200) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Xmit*: [HASH] [SA] [NONCE] [ID] [ID]
 * 201) 2013-07-27 18:56:59 : IKE<1.1.1.1> Encrypt P2 payload (len 168)
 * 202) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 203) 2013-07-27 18:56:59 : IKE<1.1.1.1> Send Phase 2 packet (len=172)
 * 204) 2013-07-27 18:56:59 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 205) 2013-07-27 18:56:59 : IKE<1.1.1.1> ike packet, len 200, action 0
 * 206) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: received 172 bytes from socket.
 * 207) 2013-07-27 18:56:59 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 208) 2013-07-27 18:56:59 : IKE<1.1.1.1> Catcher: get 172 bytes. src port 500
 * 209) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   ISAKMP msg: len 172, nxp 8[HASH], exch 32[QM], flag 01  E
 * 210) 2013-07-27 18:56:59 : IKE<1.1.1.1> Decrypting payload (length 144)
 * 211) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Recv*: [HASH] [SA] [NONCE] [ID] [ID]
 * 212) 2013-07-27 18:56:59 : valid id checking, id type:IP Subnet, len:16.
 * 213) 2013-07-27 18:56:59 : valid id checking, id type:IP Subnet, len:16.
 * 214) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   extract payload (144):
 * 215) 2013-07-27 18:56:59 : valid id checking, id type:IP Subnet, len:16.
 * 216) 2013-07-27 18:56:59 : valid id checking, id type:IP Subnet, len:16.
 * 217) 2013-07-27 18:56:59 : IKE<1.1.1.1> QM in state OAK_QM_SA_ACCEPT.
 * 218) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [SA]:
 * 219) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   Check P2 Proposal
 * 220) 2013-07-27 18:56:59 : IKE<1.1.1.1> SA life type = seconds
 * 221) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   SA life duration (TLV) = 0x 00 00 0e 10
 * 222) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   encap mode from peer = 1.
 * 223) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   encap mode after converting it to private value = 1.
 * 224) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 2 received:
 * 225) 2013-07-27 18:56:59 : IKE<1.1.1.1> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 226) 2013-07-27 18:56:59 : IKE<1.1.1.1> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 227) 2013-07-27 18:56:59 : IKE<1.1.1.1> P2 proposal [0] selected.
 * 228) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [NONCE]:
 * 229) 2013-07-27 18:56:59 : IKE<1.1.1.1> processing NONCE in phase 2.
 * 230) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [ID]:
 * 231) 2013-07-27 18:56:59 : IKE<1.1.1.1> Process [ID]:
 * 232) 2013-07-27 18:56:59 : IKE<1.1.1.1> xauth_cleanup
 * 233) 2013-07-27 18:56:59 : IKE<1.1.1.1> Done cleaning up IKE Phase 1 SA
 * 234) 2013-07-27 18:56:59 : IKE<1.1.1.1> Start by finding matching member SA (verify 1/1)
 * 235) 2013-07-27 18:56:59 : IKE<1.1.1.1> Verify sa: index 1
 * 236) 2013-07-27 18:56:59 : IKE<1.1.1.1> IKE: Matching policy: gw ip <1.1.1.1> peer entry id<0>
 * 237) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 238) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 239) 2013-07-27 18:56:59 : ipvx = IPV4
 * 240) 2013-07-27 18:56:59 : rcv_local_addr = 4.4.4.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 4.4.4.0
 * 241) 2013-07-27 18:56:59 : rcv_remote_addr = 3.3.3.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 3.3.3.0
 * 242) 2013-07-27 18:56:59 : ike_p2_id->local_ip = 4.4.4.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 4.4.4.0
 * 243) 2013-07-27 18:56:59 : ike_p2_id->remote_ip = 3.3.3.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 3.3.3.0
 * 244) 2013-07-27 18:56:59 : IKE<1.1.1.1> Proxy ID match: Located matching Phase 2 SA <4>.
 * 245) 2013-07-27 18:56:59 : IKE<1.1.1.1> sa ID for phase 2 sa is <4>. IP version is 4.
 * 246) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   life (sec or kb): lcl 3600, peer 3600, set 3600.
 * 247) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   life (sec or kb): lcl 0, peer 0, set 0.
 * 248) 2013-07-27 18:56:59 : IKE<1.1.1.1> gen_qm_key
 * 249) 2013-07-27 18:56:59 : IKE<1.1.1.1> load_sa_keys: enter.
 * 250) 2013-07-27 18:56:59 : IKE<1.1.1.1> gen_qm_key
 * 251) 2013-07-27 18:56:59 : IKE<1.1.1.1> load_sa_keys: enter.
 * 252) 2013-07-27 18:56:59 : IKE<1.1.1.1> ikmpd.c 3999. sa ID for phase 2 sa is <4>. IP version is 4.
 * 253) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 254) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   SPI = 0, do not remove
 * 255) 2013-07-27 18:56:59 : IKE<1.1.1.1> clean_all_sa_state_node_from_list->
 * 256) 2013-07-27 18:56:59 : IKE<1.1.1.1> no relocate earlier SA-state, not active.
 * 257) 2013-07-27 18:56:59 : IKE<1.1.1.1> key_modify: sa index <1> bk_idx <1>.
 * 258) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Incoming
 * 259) 2013-07-27 18:56:59 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Outgoing
 * 260) 2013-07-27 18:56:59 : IKE<1.1.1.1> update acvpn flags for sa 1
 * 261) 2013-07-27 18:56:59 : IKE<1.1.1.1> update acvpn flags for sa 1 - 0x4000e3
 * 262) 2013-07-27 18:56:59 : IKE<1.1.1.1>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 263) 2013-07-27 18:56:59 : IKE<1.1.1.1> modify esp tunnel: src (peer) ipv4 <1.1.1.1>
 * 264) 2013-07-27 18:56:59 : IKE<1.1.1.1> modifying esp tunnel: self <ipv4 1.1.1.2>
 * 265) 2013-07-27 18:56:59 : IKE<1.1.1.1> update auto NHTB status for sa 1
 * 266) 2013-07-27 18:56:59 : IKE<1.1.1.1> after mod, out nsptunnel.
 * 267) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 2 msg-id : Completed Quick Mode negotiation with SPI, tunnel ID <4>, and lifetime seconds/<0> KB.
 * 268) 2013-07-27 18:56:59 : IKE<1.1.1.1> Application sa installed.
 * 269) 2013-07-27 18:56:59 : IKE<1.1.1.1> Phase 2 Initiator constructing 3rd(last) message.
 * 270) 2013-07-27 18:56:59 : IKE<1.1.1.1> oakley_final_qm:enter
 * 271) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct ISAKMP header.
 * 272) 2013-07-27 18:56:59 : IKE<1.1.1.1> Msg header built (next payload #8)
 * 273) 2013-07-27 18:56:59 : IKE<1.1.1.1> Construct [HASH] in QM
 * 274) 2013-07-27 18:56:59 : IKE<1.1.1.1> oakley_final_qm:exit
 * 275) 2013-07-27 18:56:59 : IKE<1.1.1.1        > Xmit*: [HASH]
 * 276) 2013-07-27 18:56:59 : IKE<1.1.1.1> Encrypt P2 payload (len 48)
 * 277) 2013-07-27 18:56:59 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 278) 2013-07-27 18:56:59 : IKE<1.1.1.1> Send Phase 2 packet (len=52)
 * 279) 2013-07-27 18:56:59 : IKE<1.1.1.1> oakley_process_quick_mode:exit
 * 280) 2013-07-27 18:56:59 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 281) 2013-07-27 18:57:02 : IKE<0.0.0.0        >   finished job pkaidx <0> dh_len<96> dmax<64>
 * 282) 2013-07-27 18:57:02 : IKE<0.0.0.0        >   finished job d
 * 283) 2013-07-27 18:57:02 : IKE<0.0.0.0        > BN, top24 dmax64 zero<no>
 * 284) 2013-07-27 18:57:22 : IKE<1.1.1.1> ike packet, len 96, action 0
 * 285) 2013-07-27 18:57:22 : IKE<1.1.1.1> Catcher: received 68 bytes from socket.
 * 286) 2013-07-27 18:57:22 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 287) 2013-07-27 18:57:22 : IKE<1.1.1.1> Catcher: get 68 bytes. src port 500
 * 288) 2013-07-27 18:57:22 : IKE<0.0.0.0        >   ISAKMP msg: len 68, nxp 8[HASH], exch 5[INFO], flag 01  E
 * 289) 2013-07-27 18:57:22 : IKE<1.1.1.1> Create conn entry...
 * 290) 2013-07-27 18:57:22 : IKE<1.1.1.1>   ...done(new 7738ad33)
 * 291) 2013-07-27 18:57:22 : IKE<1.1.1.1> Decrypting payload (length 40)
 * 292) 2013-07-27 18:57:22 : IKE<1.1.1.1        > Recv*: [HASH] [DELETE]
 * 293) 2013-07-27 18:57:22 : IKE<1.1.1.1> Process [DELETE]:
 * 294) 2013-07-27 18:57:22 : IKE<1.1.1.1> ipsec del msg received, (SA1 d546049f) deleted.
 * 295) 2013-07-27 18:57:22 : IKE<1.1.1.1> clean_all_sa_state_node_from_list->
 * 296) 2013-07-27 18:57:22 : IKE<1.1.1.1>   Delete conn entry...
 * 297) 2013-07-27 18:57:22 : IKE<1.1.1.1>  ...found conn entry(33ad3877)
 * 298) 2013-07-27 18:57:22 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 299) 2013-07-27 18:57:24 : IKE<1.1.1.1> ike packet, len 200, action 0
 * 300) 2013-07-27 18:57:24 : IKE<1.1.1.1> Catcher: received 172 bytes from socket.
 * 301) 2013-07-27 18:57:24 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 302) 2013-07-27 18:57:24 : IKE<1.1.1.1> Catcher: get 172 bytes. src port 500
 * 303) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   ISAKMP msg: len 172, nxp 8[HASH], exch 32[QM], flag 01  E
 * 304) 2013-07-27 18:57:24 : IKE<1.1.1.1> Create conn entry...
 * 305) 2013-07-27 18:57:24 : IKE<1.1.1.1>   ...done(new a6261908)
 * 306) 2013-07-27 18:57:24 : IKE<1.1.1.1> Phase 2 msg-id : Responded to the first peer message.
 * 307) 2013-07-27 18:57:24 : IKE<1.1.1.1> Decrypting payload (length 144)
 * 308) 2013-07-27 18:57:24 : IKE<1.1.1.1        > Recv*: [HASH] [SA] [NONCE] [ID] [ID]
 * 309) 2013-07-27 18:57:24 : valid id checking, id type:IP Subnet, len:16.
 * 310) 2013-07-27 18:57:24 : valid id checking, id type:IP Subnet, len:16.
 * 311) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   extract payload (144):
 * 312) 2013-07-27 18:57:24 : valid id checking, id type:IP Subnet, len:16.
 * 313) 2013-07-27 18:57:24 : valid id checking, id type:IP Subnet, len:16.
 * 314) 2013-07-27 18:57:24 : IKE<1.1.1.1> QM in state OAK_QM_SA_ACCEPT.
 * 315) 2013-07-27 18:57:24 : IKE<1.1.1.1> Start by finding matching member SA (verify -1/-1)
 * 316) 2013-07-27 18:57:24 : IKE<1.1.1.1> IKE: Matching policy: gw ip <1.1.1.1> peer entry id<0>
 * 317) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 318) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 319) 2013-07-27 18:57:24 : ipvx = IPV4
 * 320) 2013-07-27 18:57:24 : rcv_local_addr = 4.4.4.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 4.4.4.0
 * 321) 2013-07-27 18:57:24 : rcv_remote_addr = 3.3.3.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 3.3.3.0
 * 322) 2013-07-27 18:57:24 : ike_p2_id->local_ip = 4.4.4.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 4.4.4.0
 * 323) 2013-07-27 18:57:24 : ike_p2_id->remote_ip = 3.3.3.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 3.3.3.0
 * 324) 2013-07-27 18:57:24 : IKE<1.1.1.1> Proxy ID match: Located matching Phase 2 SA <4>.
 * 325) 2013-07-27 18:57:24 : IKE<1.1.1.1> Process [SA]:
 * 326) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   Check P2 Proposal
 * 327) 2013-07-27 18:57:24 : IKE<1.1.1.1> SA life type = seconds
 * 328) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   SA life duration (TLV) = 0x 00 00 0e 10
 * 329) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   encap mode from peer = 1.
 * 330) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   encap mode after converting it to private value = 1.
 * 331) 2013-07-27 18:57:24 : IKE<1.1.1.1> Phase 2 received:
 * 332) 2013-07-27 18:57:24 : IKE<1.1.1.1> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 333) 2013-07-27 18:57:24 : IKE<1.1.1.1> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 334) 2013-07-27 18:57:24 : IKE<1.1.1.1> P2 proposal [0] selected.
 * 335) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   add sa list for msg id
 * 336) 2013-07-27 18:57:24 : IKE<1.1.1.1> get_unique_spi 0, 4279599055, ff157fcf
 * 337) 2013-07-27 18:57:24 : IKE<1.1.1.1> Process [NONCE]:
 * 338) 2013-07-27 18:57:24 : IKE<1.1.1.1> processing NONCE in phase 2.
 * 339) 2013-07-27 18:57:24 : IKE<1.1.1.1> Process [ID]:
 * 340) 2013-07-27 18:57:24 : IKE<1.1.1.1> Process [ID]:
 * 341) 2013-07-27 18:57:24 : IKE<1.1.1.1> Phase 2 Responder constructing 2nd message.
 * 342) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct ISAKMP header.
 * 343) 2013-07-27 18:57:24 : IKE<1.1.1.1> Msg header built (next payload #8)
 * 344) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct [HASH]
 * 345) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct [SA] for IPSEC
 * 346) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   Set IPSEC SA attrs tunnel(1) MD5 grp0 lifetime(3600/0)
 * 347) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   Before NAT-T attr unmap: P2 prop tunnel = 1.
 * 348) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   After NAT-T attr unmap: P2 prop tunnel = 1.
 * 349) 2013-07-27 18:57:24 : IKE<1.1.1.1> Initiator P2 ID built: .B..
 * 350) 2013-07-27 18:57:24 : IKE<1.1.1.1> Responder P2 ID built: .B..
 * 351) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct [NONCE] for IPSec
 * 352) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct [ID] for Phase 2
 * 353) 2013-07-27 18:57:24 : id payload constructed. type(4),ip(3.3.3.0),mask(255.255.255.0), prot(0), port(0)
 * 354) 2013-07-27 18:57:24 : IKE<1.1.1.1> Construct [ID] for Phase 2
 * 355) 2013-07-27 18:57:24 : id payload constructed. type(4),ip(4.4.4.0),mask(255.255.255.0), prot(0), port(0)
 * 356) 2013-07-27 18:57:24 : IKE<1.1.1.1> construct QM HASH
 * 357) 2013-07-27 18:57:24 : IKE<1.1.1.1        > Xmit*: [HASH] [SA] [NONCE] [ID] [ID]
 * 358) 2013-07-27 18:57:24 : IKE<1.1.1.1> Encrypt P2 payload (len 168)
 * 359) 2013-07-27 18:57:24 : IKE<1.1.1.1> Initiator sending IPv4 IP 1.1.1.1/port 500
 * 360) 2013-07-27 18:57:24 : IKE<1.1.1.1> Send Phase 2 packet (len=172)
 * 361) 2013-07-27 18:57:24 : IKE<1.1.1.1> oakley_process_quick_mode:exit
 * 362) 2013-07-27 18:57:24 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 363) 2013-07-27 18:57:24 : IKE<1.1.1.1> ike packet, len 80, action 0
 * 364) 2013-07-27 18:57:24 : IKE<1.1.1.1> Catcher: received 52 bytes from socket.
 * 365) 2013-07-27 18:57:24 : IKE<1.1.1.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 366) 2013-07-27 18:57:24 : IKE<1.1.1.1> Catcher: get 52 bytes. src port 500
 * 367) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   ISAKMP msg: len 52, nxp 8[HASH], exch 32[QM], flag 01  E
 * 368) 2013-07-27 18:57:24 : IKE<1.1.1.1> Decrypting payload (length 24)
 * 369) 2013-07-27 18:57:24 : IKE<1.1.1.1        > Recv*: [HASH]
 * 370) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   extract payload (24):
 * 371) 2013-07-27 18:57:24 : IKE<1.1.1.1> QM in state OAK_QM_AUTH_AWAIT.
 * 372) 2013-07-27 18:57:24 : IKE<1.1.1.1> Start by finding matching member SA (verify 1/1)
 * 373) 2013-07-27 18:57:24 : IKE<1.1.1.1> Verify sa: index 1
 * 374) 2013-07-27 18:57:24 : IKE<1.1.1.1> IKE: Matching policy: gw ip <1.1.1.1> peer entry id<0>
 * 375) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 376) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 377) 2013-07-27 18:57:24 : ipvx = IPV4
 * 378) 2013-07-27 18:57:24 : rcv_local_addr = 4.4.4.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 4.4.4.0
 * 379) 2013-07-27 18:57:24 : rcv_remote_addr = 3.3.3.0, rcv_remote_mask = 255.255.255.0, p_rcv_remote_real = 3.3.3.0
 * 380) 2013-07-27 18:57:24 : ike_p2_id->local_ip = 4.4.4.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 4.4.4.0
 * 381) 2013-07-27 18:57:24 : ike_p2_id->remote_ip = 3.3.3.0, cfg_remote_mask = 255.255.255.0, p_cfg_remote_real = 3.3.3.0
 * 382) 2013-07-27 18:57:24 : IKE<1.1.1.1> Proxy ID match: Located matching Phase 2 SA <4>.
 * 383) 2013-07-27 18:57:24 : IKE<1.1.1.1> sa ID for phase 2 sa is <4>. IP version is 4.
 * 384) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   life (sec or kb): lcl 3600, peer 3600, set 3600.
 * 385) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   life (sec or kb): lcl 0, peer 0, set 0.
 * 386) 2013-07-27 18:57:24 : IKE<1.1.1.1> gen_qm_key
 * 387) 2013-07-27 18:57:24 : IKE<1.1.1.1> load_sa_keys: enter.
 * 388) 2013-07-27 18:57:24 : IKE<1.1.1.1> gen_qm_key
 * 389) 2013-07-27 18:57:24 : IKE<1.1.1.1> load_sa_keys: enter.
 * 390) 2013-07-27 18:57:24 : IKE<1.1.1.1> ikmpd.c 3999. sa ID for phase 2 sa is <4>. IP version is 4.
 * 391) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.2>
 * 392) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<1.1.1.1>
 * 393) 2013-07-27 18:57:24 : IKE<1.1.1.1> clean_all_sa_state_node_from_list->
 * 394) 2013-07-27 18:57:24 : IKE<1.1.1.1> no relocate earlier SA-state, not active.
 * 395) 2013-07-27 18:57:24 : IKE<1.1.1.1> key_modify: sa index <1> bk_idx <1>.
 * 396) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Incoming
 * 397) 2013-07-27 18:57:24 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Outgoing
 * 398) 2013-07-27 18:57:24 : IKE<1.1.1.1> update acvpn flags for sa 1
 * 399) 2013-07-27 18:57:24 : IKE<1.1.1.1> update acvpn flags for sa 1 - 0x4001e3
 * 400) 2013-07-27 18:57:24 : IKE<1.1.1.1>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 401) 2013-07-27 18:57:24 : IKE<1.1.1.1> modify esp tunnel: src (peer) ipv4 <1.1.1.1>
 * 402) 2013-07-27 18:57:24 : IKE<1.1.1.1> modifying esp tunnel: self <ipv4 1.1.1.2>
 * 403) 2013-07-27 18:57:24 : IKE<1.1.1.1> update auto NHTB status for sa 1
 * 404) 2013-07-27 18:57:24 : IKE<1.1.1.1> after mod, out nsptunnel.
 * 405) 2013-07-27 18:57:24 : IKE<1.1.1.1> Phase 2 msg-id : Completed Quick Mode negotiation with SPI, tunnel ID <4>, and lifetime seconds/<0> KB.
 * 406) 2013-07-27 18:57:24 : IKE<1.1.1.1> Application sa installed.
 * 407) 2013-07-27 18:57:24 : IKE<1.1.1.1> oakley_process_quick_mode:exit
 * 408) 2013-07-27 18:57:24 : IKE<1.1.1.1> IKE msg done: PKI state<0> IKE state<3/80522f>
 * 409) 2013-07-27 18:57:33 : IKE<1.1.1.1>   Delete conn entry...
 * 410) 2013-07-27 18:57:33 : IKE<1.1.1.1>  ...found conn entry(e5838c70)

=FW2 get config=

 SSG520-> get config
 set interface ethernet0/3 ip 1.1.1.2/24
 set interface ethernet0/3 route
 set interface loopback.1 ip 4.4.4.4/24
 set interface loopback.1 nat
 set ike gateway "vpn2" address 1.1.1.1 Main outgoing-interface "ethernet0/3" preshare "51Hv+Jp4N/VS7SsGmLCPrAr/uunXaaep+w==" proposal "pre-g1-des-md5"
 set ike respond-bad-spi 1
 set ike ikev2 ike-sa-soft-lifetime 60
 set ipsec access-session maximum 5000
 set ipsec access-session upper-threshold 0
 set ipsec access-session lower-threshold 0
 set ipsec access-session dead-p2-sa-timeout 0
 set vpn "vpn2" gateway "vpn2" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5"
 set vpn "vpn2" monitor rekey
 set policy id 4 from "Untrust" to "Trust" "3.3.3.0/24" "4.4.4.0/24" "ANY" tunnel vpn "vpn2" id 0x4 pair-policy 3 log
 set policy id 3 from "Trust" to "Untrust" "4.4.4.0/24" "3.3.3.0/24" "ANY" tunnel vpn "vpn2" id 0x4 pair-policy 4 log
 set route 3.3.3.0/24 interface ethernet0/3 gateway 1.1.1.1

=FW2 get sa=

 SSG520-> get sa
 total configured sa: 1
 HEX ID   Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
 00000004<        1.1.1.1  500 esp: des/md5  00000000 expir unlim I/I     4 0
 00000004>        1.1.1.1  500 esp: des/md5  00000000 expir unlim I/I     3 0

 SSG520-> get sa
 total configured sa: 1
 HEX ID   Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys
 00000004<        1.1.1.1  500 esp: des/md5  ff157fcb  3578 unlim A/U     4 0
 00000004>        1.1.1.1  500 esp: des/md5  9f0446d1  3578 unlim A/U     3 0

=FW2 get ike cookie=

 SSG520-> get ike cookie

 IKEv1 SA -- Active: 1, Dead: 0, Total 1

 80522f/0003, 1.1.1.2:500->1.1.1.1:500, PRESHR/grp1/DES/MD5, xchg(2) (vpn2/grp-1/usr-1)
 resent-tmr 26845440 lifetime 28800 lt-recv 28800 nxt_rekey 28593 cert-expire 0
 initiator, err cnt 0, send dir 0, cond 0x0
 nat-traversal map not available
 ike heartbeat             : disabled
 ike heartbeat last rcv time: 0
 ike heartbeat last snd time: 0
 XAUTH status: 0
 DPD seq local 0, peer 0

 IKEv2 SA -- Active: 0, Dead: 0, Total 0

=FW2 get vpn=

 SSG520-> get vpn
 Name            Gateway         Mode RPlay 1st Proposal         Monitor Use Cnt Interface
 --------------- --------------- ---- ----- -------------------- ------- ------- ---------
 vpn2            vpn2            tunl No    nopfs-esp-des-md5    on            2 eth0/3
 Total Auto VPN: 1
 Total Pure Transport Mode IPSEC VPN: 0

 Name      Gateway         Interface       Lcl SPI  Rmt SPI  Algorithm        Monitor Tunnel ID
 --------- --------------- --------------- -------- -------- ---------------- ------- ---------
 Total Manual VPN 0