Screenos Dailup VPN Xauth User Debug

= debug ike detail= SSG-1-> get db str
 * 1) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 578, action 1
 * 2) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 550 bytes from socket.
 * 3) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if  of vsys  ******
 * 4) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 550 bytes. src port 10952
 * 5) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 550, nxp 1[SA], exch 4[AG], flag 00
 * 6) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv : [SA] [KE] [NONCE] [ID] [VID] [VID] [VID] [VID] [VID]
 * 7) 2014-12-11 17:41:01 : [VID] [VID] [VID] [VID] [VID] [VID] [VID]
 * 8) 2014-12-11 17:41:01 : valid id checking, id type:FQDN, len:22.
 * 9) 2014-12-11 17:41:01 : IKE<0.0.0.0        >     Validate (522): SA/128 KE/100 NONCE/44 ID/22 VID/12 VID/12 VID/20 VID/20 VID/20
 * 10) 2014-12-11 17:41:01 : IKE<192.168.3.1> Receive Id in AG mode, id-type=2, id=test@wipro.com, idlen = 14
 * 11) 2014-12-11 17:41:01 :   locate peer entry for (2/test@wipro.com), by identity.
 * 12) 2014-12-11 17:41:01 :   Found identity in group <2> user id <4>.
 * 13) 2014-12-11 17:41:01 : IKE<192.168.3.1> Found peer entry (Dialup-VPNGW) from 192.168.3.1.
 * 14) 2014-12-11 17:41:01 : responder create sa: 192.168.3.1->192.168.1.1
 * 15) 2014-12-11 17:41:01 : init p1sa, pidt = 0x0
 * 16) 2014-12-11 17:41:01 : change peer identity for p1 sa, pidt = 0x0
 * 17) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   peer_identity_create_with_uid: uid<0>
 * 18) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   create peer identity 0x2a7a044
 * 19) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry before add <2>
 * 20) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   peer_identity_add_to_peer: num entry after add <3>
 * 21) 2014-12-11 17:41:01 : peer identity 2a7a044 created.
 * 22) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   EDIPI disabled
 * 23) 2014-12-11 17:41:01 : IKE<192.168.3.1> getProfileFromP1Proposal->
 * 24) 2014-12-11 17:41:01 : IKE<192.168.3.1> find profile[0]=<00000001 00000001 00000001 00000001> for p1 proposal (id 0), xauth(1)
 * 25) 2014-12-11 17:41:01 : IKE<192.168.3.1> responder create sa: 192.168.3.1->192.168.1.1
 * 26) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 1: Responder starts AGGRESSIVE mode negotiations.
 * 27) 2014-12-11 17:41:01 : IKE<192.168.3.1> AG in state OAK_AG_NOSTATE.
 * 28) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 29) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 30) 2014-12-11 17:41:01 : da 8e 93 78 80 01 00 00
 * 31) 2014-12-11 17:41:01 : IKE<192.168.3.1> receive unknown vendor ID payload
 * 32) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 33) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 34) 2014-12-11 17:41:01 : 09 00 26 89 df d6 b7 12
 * 35) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv XAUTH v6.0 vid
 * 36) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 37) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 38) 2014-12-11 17:41:01 : 7d 94 19 a6 53 10 ca 6f  2c 17 9d 92 15 52 9d 56
 * 39) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 40) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 41) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 42) 2014-12-11 17:41:01 : 90 cb 80 91 3e bb 69 6e  08 63 81 b5 ec 42 7b 1f
 * 43) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-02).
 * 44) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 45) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 46) 2014-12-11 17:41:01 : 44 85 15 2d 18 b6 bb cd  0b e8 a8 46 95 79 dd cc
 * 47) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv NAT-Traversal VID payload (draft-ietf-ipsec-nat-t-ike-00).
 * 48) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 49) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 50) 2014-12-11 17:41:01 : 4a 13 1c 81 07 03 58 45  5c 57 28 f2 0e 95 45 2f
 * 51) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 52) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 53) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 54) 2014-12-11 17:41:01 : af ca d7 13 68 a1 f1 c9  6b 86 96 fc 77 57 01 00
 * 55) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 56) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 57) 2014-12-11 17:41:01 : 97 87 98 c6 28 e5 82 a8  3b 2a 97 bf 0d 6e 60 dd
 * 58) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 59) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 60) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 61) 2014-12-11 17:41:01 : cb e7 94 44 a0 87 0d e4  22 4a 2c 15 1f bf e0 99
 * 62) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 63) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 64) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 65) 2014-12-11 17:41:01 : c6 1b ac a1 f1 a6 0c c1  08 00 00 00 00 00 00 00
 * 66) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 67) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 68) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 69) 2014-12-11 17:41:01 : 40 48 b7 d5 6e bc e8 85  25 e7 de 7f 00 d6 c2 d3
 * 70) 2014-12-11 17:41:01 : c0 00 00 00
 * 71) 2014-12-11 17:41:01 : IKE<192.168.3.1> receive unknown vendor ID payload
 * 72) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [VID]:
 * 73) 2014-12-11 17:41:01 : IKE<192.168.3.1    >   Vendor ID:
 * 74) 2014-12-11 17:41:01 : 12 f5 f2 8c 45 71 68 a9  70 2d 9f e2 74 cc 01 00
 * 75) 2014-12-11 17:41:01 : IKE<192.168.3.1> rcv non-NAT-Traversal VID payload.
 * 76) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [SA]:
 * 77) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proposal received: xauthflag 0
 * 78) 2014-12-11 17:41:01 : IKE<192.168.3.1> P1 attributes not supported.
 * 79) 2014-12-11 17:41:01 : IKE<192.168.3.1> [0] expect: xauthflag 3
 * 80) 2014-12-11 17:41:01 : IKE<192.168.3.1> auth(1), encr(1), hash(1), group(1)
 * 81) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth attribute: responder
 * 82) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proposal received: xauthflag 1
 * 83) 2014-12-11 17:41:01 : IKE<192.168.3.1> auth(1), encr(1), hash(1), group(1)
 * 84) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth attribute: initiator
 * 85) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 1 proposal [0] selected.
 * 86) 2014-12-11 17:41:01 : IKE<192.168.3.1> SA Life Type = seconds
 * 87) 2014-12-11 17:41:01 : IKE<192.168.3.1> SA lifetime (TLV) = 86400
 * 88) 2014-12-11 17:41:01 : IKE<192.168.3.1> DH_BG_consume OK. p1 resp
 * 89) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [KE]:
 * 90) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing ISA_KE in phase 1.
 * 91) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase1: his_DH_pub_len is 96
 * 92) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [NONCE]:
 * 93) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing NONCE in phase 1.
 * 94) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [ID]:
 * 95) 2014-12-11 17:41:01 : IKE<192.168.3.1> ID received: type=ID_FQDN, FQDN = test@wipro.com, port=0, protocol=0
 * 96) 2014-12-11 17:41:01 : IKE<192.168.3.1> process_id need to update peer entry, cur .
 * 97) 2014-12-11 17:41:01 :   locate peer entry for (2/test@wipro.com), by identity.
 * 98) 2014-12-11 17:41:01 :   Found identity in group <2> user id <4>.
 * 99) 2014-12-11 17:41:01 : IKE<192.168.3.1> Dynamic peer IP addr, search peer by identity.
 * 100) 2014-12-11 17:41:01 : IKE<192.168.3.1> peer gateway entry has no peer id configured
 * 101) 2014-12-11 17:41:01 : IKE<192.168.3.1> ID processed. return 0. sa->p1_state = 0.
 * 102) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 1 AG Responder constructing 2nd message.
 * 103) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct ISAKMP header.
 * 104) 2014-12-11 17:41:01 : IKE<192.168.3.1> Msg header built (next payload #1)
 * 105) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [SA] for ISAKMP
 * 106) 2014-12-11 17:41:01 : IKE<192.168.3.1> auth(1), encr(1), hash(1), group(1)
 * 107) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth attribute: disabled
 * 108) 2014-12-11 17:41:01 : IKE<192.168.3.1> lifetime/lifesize (86400/0)
 * 109) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   set_phase1_transform, dh_group(1).
 * 110) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct NetScreen [VID]
 * 111) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct custom [VID]
 * 112) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct custom [VID]
 * 113) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct custom [VID]
 * 114) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [KE] for ISAKMP
 * 115) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [NONCE]
 * 116) 2014-12-11 17:41:01 : IKE<192.168.3.1> gen_skeyid
 * 117) 2014-12-11 17:41:01 : IKE<192.168.3.1> gen_skeyid: returning 0
 * 118) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [ID] for ISAKMP
 * 119) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [HASH]
 * 120) 2014-12-11 17:41:01 : IKE<192.168.3.1> ID, len=8, type=1, pro=17, port=500,
 * 121) 2014-12-11 17:41:01 : IKE<192.168.3.1> addr=192.168.1.1
 * 122) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct NAT-T [VID]: draft 2
 * 123) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder psk ag mode: natt vid constructed.
 * 124) 2014-12-11 17:41:01 : IKE<192.168.3.1> responder (psk) constructing remote NAT-D
 * 125) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [NATD]
 * 126) 2014-12-11 17:41:01 : IKE<192.168.3.1> responder (psk) constructing local NAT-D
 * 127) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [NATD]
 * 128) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Xmit : [SA] [VID] [VID] [VID] [VID] [KE] [NONCE] [ID] [HASH]
 * 129) 2014-12-11 17:41:01 : [VID] [NATD] [NATD]
 * 130) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder sending IPv4 IP 192.168.3.1/port 10952
 * 131) 2014-12-11 17:41:01 : IKE<192.168.3.1> Send Phase 1 packet (len=400)
 * 132) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<5/91180f>
 * 133) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 144, action 0
 * 134) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 116 bytes from socket.
 * 135) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if  of vsys <Root> ******
 * 136) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 116 bytes. src port 10952
 * 137) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 116, nxp 8[HASH], exch 4[AG], flag 01  E
 * 138) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 88)
 * 139) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH] [NATD] [NATD] [NOTIF]
 * 140) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   extract payload (88):
 * 141) 2014-12-11 17:41:01 : IKE<192.168.3.1> AG in state OAK_AG_INIT_EXCH.
 * 142) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [NATD]:
 * 143) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [NATD]:
 * 144) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [HASH]:
 * 145) 2014-12-11 17:41:01 : IKE<192.168.3.1> ID, len=18, type=2, pro=0, port=0,
 * 146) 2014-12-11 17:41:01 : IKE<192.168.3.1>
 * 147) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [NOTIF]:
 * 148) 2014-12-11 17:41:01 : IKE<192.168.3.1> Received notify message for DOI <1> <INITIAL-CONTACT>.
 * 149) 2014-12-11 17:41:01 : IKE<192.168.3.1> Received initial contact notification and removed Phase 2 SAs.
 * 150) 2014-12-11 17:41:01 : clear phase 2 sa of peer Dialup-VPNGW.
 * 151) 2014-12-11 17:41:01 : IKE<192.168.3.1> process notify exit with <0>.
 * 152) 2014-12-11 17:41:01 : IKE<192.168.3.1> completing Phase 1
 * 153) 2014-12-11 17:41:01 : IKE<192.168.3.1> sa_pidt = 2a7a044
 * 154) 2014-12-11 17:41:01 : IKE<192.168.3.1> adjusting phase 1 hash
 * 155) 2014-12-11 17:41:01 : IKE<192.168.3.1> found existing peer identity 2a79d90
 * 156) 2014-12-11 17:41:01 : IKE<192.168.3.1> peer_identity_unregister_p1_sa.
 * 157) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   delete peer identity 0x2a7a044
 * 158) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   peer_identity_remove_from_peer: num entry before remove <3>
 * 159) 2014-12-11 17:41:01 : IKE<192.168.3.1> peer_idt.c peer_identity_unregister_p1_sa 686: pidt deleted.
 * 160) 2014-12-11 17:41:01 : IKE<192.168.3.1> clear p1sa(0x2a4ba44) xauth because new p1sa (0x2a4ccd4) gets initial-contact
 * 161) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE Xauth: release prefix route, ret=<-2>.
 * 162) 2014-12-11 17:41:01 : IKE<192.168.3.1> phase 1 sa timeout value reduced to <30>.
 * 163) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 1: Completed for ip <192.168.3.1>, user<test@wipro.com>
 * 164) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 1: Completed Aggressive mode negotiation with a -second lifetime.
 * 165) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth is started: server, p1responder, aggr mode.
 * 166) 2014-12-11 17:41:01 : IKE<192.168.3.1> start_xauth
 * 167) 2014-12-11 17:41:01 : IKE<192.168.3.1> start_xauth: as:0 ac:-1 enable:1
 * 168) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: accounting server id 0 (use auth server as acct server).
 * 169) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: xauthstatus 20.
 * 170) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16520, val 0 added, len 0.
 * 171) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16521, val empty string, type added, len 0.
 * 172) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16522, val empty string, type added, len 0.
 * 173) 2014-12-11 17:41:01 : IKE<192.168.3.1> Create conn entry...
 * 174) 2014-12-11 17:41:01 : IKE<192.168.3.1>   ...done(new 0fe1c988)
 * 175) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct ISAKMP header.
 * 176) 2014-12-11 17:41:01 : IKE<192.168.3.1> Msg header built (next payload #8)
 * 177) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [HASH]
 * 178) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 179) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 20, type 1, identifier 47626.
 * 180) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   basic attr type 16520, valint 0
 * 181) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 16521, vallen 0, valstr empty string, type
 * 182) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 16522, vallen 0, valstr empty string, type
 * 183) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 184) 2014-12-11 17:41:01 : IKE<192.168.3.1> construct QM HASH
 * 185) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Xmit*: [HASH] [IKECFG]
 * 186) 2014-12-11 17:41:01 : IKE<192.168.3.1> Encrypt P2 payload (len 68)
 * 187) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder sending IPv4 IP 192.168.3.1/port 10952
 * 188) 2014-12-11 17:41:01 : IKE<192.168.3.1> Send Phase 2 packet (len=76)
 * 189) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg packet sent. msgid fe1c988, len: 68, peer<192.168.3.1>
 * 190) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth status updated by state machine: 20
 * 191) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   proc_other_session_notify->
 * 192) 2014-12-11 17:41:01 : IKE<0.0.0.0        >     process Notify Payload: doi(1), msg(24578), txt<INITIAL-CONTACT>
 * 193) 2014-12-11 17:41:01 : IKE<192.168.3.1> Received initial contact notification and removed Phase 1 SAs.
 * 194) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>
 * 195) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 112, action 0
 * 196) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 84 bytes from socket.
 * 197) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 198) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 84 bytes. src port 10952
 * 199) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 84, nxp 8[HASH], exch 6[XACT_EXCH], flag 01  E
 * 200) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 56)
 * 201) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH] [IKECFG]
 * 202) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [IKECFG]:
 * 203) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing IKECFG payload. msgid fe1c988, msgtype 2, payload ID 47626
 * 204) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 205) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 31, type 2, identifier 47626.
 * 206) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   basic attr type 16520, valint 0
 * 207) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 16521, vallen 4, valstr ama
 * 208) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 16522, vallen 7, valstr test12
 * 209) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 210) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16520, val 0 added, len 0.
 * 211) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16521, val ama added, len 4.
 * 212) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16522, val test12 added, len 7.
 * 213) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth server got type: 16520 v<0>
 * 214) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth server got var type: 16521
 * 215) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth server got var type: 16522
 * 216) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth server entering state machine: 20
 * 217) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: accounting server id 0 (use auth server as acct server).
 * 218) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: xauthstatus 20.
 * 219) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_auth_pap: authing locally: uname aman, passwd test123          SUCCESS
 * 220) 2014-12-11 17:41:01 : IKE<192.168.3.1> Get config for client(local auth)
 * 221) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg_assign_client_cfg: Sa->ip_addr = 0x0
 * 222) 2014-12-11 17:41:01 : IKE<192.168.3.1> getting xauth local user remote setting
 * 223) 2014-12-11 17:41:01 : IKE<192.168.3.1> getting xauth local user IP from pool <Pool1>
 * 224) 2014-12-11 17:41:01 : IKE<192.168.3.1> Don't do xauth RADIUS accounting. Send cfg to client directly.
 * 225) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg_send_client_cfg: ip 10.1.1.20, v4mask 255.255.255.255 dns1 0.0.0.0, dns2 0.0.0.0, win1 0.0.0.0, win2 0.0.0.0
 * 226) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg_send_client_cfg v6: id ::, prefix ::/0
 * 227) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg_send_client_cfg v6: dns1 ::, dns2 ::, win1 ::, win2 ::
 * 228) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 1, val 10.1.1.20 added, len 4.
 * 229) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 2, val 255.255.255.255 added, len 4.
 * 230) 2014-12-11 17:41:01 : IKE<192.168.3.1> Create conn entry...
 * 231) 2014-12-11 17:41:01 : IKE<192.168.3.1>   ...done(new 93c31173)
 * 232) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct ISAKMP header.
 * 233) 2014-12-11 17:41:01 : IKE<192.168.3.1> Msg header built (next payload #8)
 * 234) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [HASH]
 * 235) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 236) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 24, type 3, identifier 47626.
 * 237) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 1, vallen 4, valstr 10.1.1.20
 * 238) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 2, vallen 4, valstr 255.255.255.255
 * 239) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 240) 2014-12-11 17:41:01 : IKE<192.168.3.1> construct QM HASH
 * 241) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Xmit*: [HASH] [IKECFG]
 * 242) 2014-12-11 17:41:01 : IKE<192.168.3.1> Encrypt P2 payload (len 72)
 * 243) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder sending IPv4 IP 192.168.3.1/port 10952
 * 244) 2014-12-11 17:41:01 : IKE<192.168.3.1> Send Phase 2 packet (len=76)
 * 245) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg packet sent. msgid 93c31173, len: 72, peer<192.168.3.1>
 * 246) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth status updated by state machine: 90
 * 247) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>
 * 248) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 96, action 0
 * 249) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 68 bytes from socket.
 * 250) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 251) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 68 bytes. src port 10952
 * 252) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 68, nxp 8[HASH], exch 6[XACT_EXCH], flag 01  E
 * 253) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 40)
 * 254) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH] [IKECFG]
 * 255) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [IKECFG]:
 * 256) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing IKECFG payload. msgid 93c31173, msgtype 4, payload ID 47626
 * 257) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 258) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 16, type 4, identifier 47626.
 * 259) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 1, vallen 0, valstr 0.2.0.0
 * 260) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 2, vallen 0, valstr 0.0.0.0
 * 261) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 262) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 1, val 0.0.0.0 added, len 0.
 * 263) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 2, val 0.0.0.0 added, len 0.
 * 264) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth server entering state machine: 90
 * 265) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: accounting server id 0 (use auth server as acct server).
 * 266) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_process_server: xauthstatus 90.
 * 267) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ikecfg list add attr type 16527, val 1 added, len 0.
 * 268) 2014-12-11 17:41:01 : IKE<192.168.3.1> Create conn entry...
 * 269) 2014-12-11 17:41:01 : IKE<192.168.3.1>   ...done(new 0647f2bc)
 * 270) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct ISAKMP header.
 * 271) 2014-12-11 17:41:01 : IKE<192.168.3.1> Msg header built (next payload #8)
 * 272) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [HASH]
 * 273) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 274) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 12, type 3, identifier 47626.
 * 275) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   basic attr type 16527, valint 1
 * 276) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 277) 2014-12-11 17:41:01 : IKE<192.168.3.1> construct QM HASH
 * 278) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Xmit*: [HASH] [IKECFG]
 * 279) 2014-12-11 17:41:01 : IKE<192.168.3.1> Encrypt P2 payload (len 60)
 * 280) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder sending IPv4 IP 192.168.3.1/port 10952
 * 281) 2014-12-11 17:41:01 : IKE<192.168.3.1> Send Phase 2 packet (len=68)
 * 282) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikecfg packet sent. msgid 647f2bc, len: 60, peer<192.168.3.1>
 * 283) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth status updated by state machine: 100
 * 284) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_passed
 * 285) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth login PASSED. gw <Dialup-VPNGW>, username, retry: 0
 * 286) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_cleanup
 * 287) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>
 * 288) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 88, action 0
 * 289) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 200, action 0
 * 290) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 60 bytes from socket.
 * 291) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 292) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 60 bytes. src port 10952
 * 293) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 60, nxp 8[HASH], exch 6[XACT_EXCH], flag 01  E
 * 294) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 32)
 * 295) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH] [IKECFG]
 * 296) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [IKECFG]:
 * 297) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing IKECFG payload. msgid 647f2bc, msgtype 4, payload ID 47626
 * 298) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   print ikecfg attribute payload:
 * 299) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   next: 0, payloadlength 12, type 4, identifier 47626.
 * 300) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   variable attr type 16527, vallen 0, valstr
 * 301) 2014-12-11 17:41:01 : IKE<0.0.0.0        >
 * 302) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth: bad state negt peer
 * 303) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>
 * 304) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 172 bytes from socket.
 * 305) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 306) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 172 bytes. src port 10952
 * 307) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 172, nxp 8[HASH], exch 32[QM], flag 01  E
 * 308) 2014-12-11 17:41:01 : IKE<192.168.3.1> Create conn entry...
 * 309) 2014-12-11 17:41:01 : IKE<192.168.3.1>   ...done(new 1956a75f)
 * 310) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 2 msg-id : Responded to the first peer message from user <test@wipro.com>.
 * 311) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 144)
 * 312) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH] [SA] [NONCE] [ID] [ID]
 * 313) 2014-12-11 17:41:01 : valid id checking, id type:IP Address, len:12.
 * 314) 2014-12-11 17:41:01 : valid id checking, id type:IP Subnet, len:16.
 * 315) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   extract payload (144):
 * 316) 2014-12-11 17:41:01 : valid id checking, id type:IP Address, len:12.
 * 317) 2014-12-11 17:41:01 : valid id checking, id type:IP Subnet, len:16.
 * 318) 2014-12-11 17:41:01 : IKE<192.168.3.1> QM in state OAK_QM_SA_ACCEPT.
 * 319) 2014-12-11 17:41:01 : IKE<192.168.3.1> receive init proxy id type ID_IPV4_ADDR with mask 0: force mask to all 1.
 * 320) 2014-12-11 17:41:01 : IKE<192.168.3.1> Start by finding matching member SA (verify -1/-1)
 * 321) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE: Matching policy: gw ip <192.168.3.1> peer entry id<1>
 * 322) 2014-12-11 17:41:01 : id hash:
 * 323) 2014-12-11 17:41:01 : 3a c5 8a 23 13 24 e2 5f  7d 94 e3 42 a0 b4 33 35
 * 324) 2014-12-11 17:41:01 : 93 8e 57 1b
 * 325) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 326) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 327) 2014-12-11 17:41:01 : IKE<192.168.3.1> Peer is dial up.
 * 328) 2014-12-11 17:41:01 : IKE<192.168.3.1> configured ID for sa(32769):
 * 329) 2014-12-11 17:41:01 : IKE<192.168.3.1> local  10.1.1.0/24 prot<0> port<0> type<4>        remote 10.1.1.20/32 prot<0> port<0> type<1>
 * 330) 2014-12-11 17:41:01 : IKE<192.168.3.1> member without dynamic policy found, match local address only
 * 331) 2014-12-11 17:41:01 : ipvx = IPV4
 * 332) 2014-12-11 17:41:01 : rcv_local_addr = 10.1.1.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 10.1.1.0
 * 333) 2014-12-11 17:41:01 : rcv_remote_addr = 10.1.1.20, rcv_remote_mask = 255.255.255.255, p_rcv_remote_real = 10.1.1.20
 * 334) 2014-12-11 17:41:01 : ike_p2_id->local_ip = 10.1.1.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 10.1.1.0
 * 335) 2014-12-11 17:41:01 : ike_p2_id->remote_ip = 10.1.1.20, cfg_remote_mask = 255.255.255.255, p_cfg_remote_real = 10.1.1.20
 * 336) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proxy ID match: Located matching Phase 2 SA.
 * 337) 2014-12-11 17:41:01 : IKE<192.168.3.1> Start by finding matching member SA (verify -1/-1)
 * 338) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE: Matching policy: gw ip <192.168.3.1> peer entry id<1>
 * 339) 2014-12-11 17:41:01 : id hash:
 * 340) 2014-12-11 17:41:01 : 3a c5 8a 23 13 24 e2 5f  7d 94 e3 42 a0 b4 33 35
 * 341) 2014-12-11 17:41:01 : 93 8e 57 1b
 * 342) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 343) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 344) 2014-12-11 17:41:01 : IKE<192.168.3.1> Peer is dial up.
 * 345) 2014-12-11 17:41:01 : IKE<192.168.3.1> configured ID for sa(32769):
 * 346) 2014-12-11 17:41:01 : IKE<192.168.3.1> local  10.1.1.0/24 prot<0> port<0> type<4>        remote 10.1.1.20/32 prot<0> port<0> type<1>
 * 347) 2014-12-11 17:41:01 : IKE<192.168.3.1> member without dynamic policy found, match local address only
 * 348) 2014-12-11 17:41:01 : ipvx = IPV4
 * 349) 2014-12-11 17:41:01 : rcv_local_addr = 10.1.1.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 10.1.1.0
 * 350) 2014-12-11 17:41:01 : rcv_remote_addr = 10.1.1.20, rcv_remote_mask = 255.255.255.255, p_rcv_remote_real = 10.1.1.20
 * 351) 2014-12-11 17:41:01 : ike_p2_id->local_ip = 10.1.1.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 10.1.1.0
 * 352) 2014-12-11 17:41:01 : ike_p2_id->remote_ip = 10.1.1.20, cfg_remote_mask = 255.255.255.255, p_cfg_remote_real = 10.1.1.20
 * 353) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proxy ID match: Located matching Phase 2 SA.
 * 354) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [SA]:
 * 355) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   Check P2 Proposal
 * 356) 2014-12-11 17:41:01 : IKE<192.168.3.1> SA life type = seconds
 * 357) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   SA life duration (TV) = 28800
 * 358) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   encap mode from peer = 1.
 * 359) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   encap mode after converting it to private value = 1.
 * 360) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 2 received:
 * 361) 2014-12-11 17:41:01 : IKE<192.168.3.1> atts<00000003 00000000 00000002 00000001 00000001 00000000>
 * 362) 2014-12-11 17:41:01 : IKE<192.168.3.1> proto(3)<ESP>, esp(2)<ESP_DES>, auth(1)<MD5>, encap(1)<TUNNEL>, group(0)
 * 363) 2014-12-11 17:41:01 : IKE<192.168.3.1> P2 proposal [0] selected.
 * 364) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   add sa list for msg id
 * 365) 2014-12-11 17:41:01 : IKE<192.168.3.1> get_unique_spi 0, 1314921955, 4e601de3
 * 366) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [NONCE]:
 * 367) 2014-12-11 17:41:01 : IKE<192.168.3.1> processing NONCE in phase 2.
 * 368) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [ID]:
 * 369) 2014-12-11 17:41:01 : IKE<192.168.3.1> Process [ID]:
 * 370) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 2 Responder constructing 2nd message.
 * 371) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct ISAKMP header.
 * 372) 2014-12-11 17:41:01 : IKE<192.168.3.1> Msg header built (next payload #8)
 * 373) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [HASH]
 * 374) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [SA] for IPSEC
 * 375) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   Set IPSEC SA attrs tunnel(1) MD5 grp0 lifetime(28800/0)
 * 376) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   Before NAT-T attr unmap: P2 prop tunnel = 1.
 * 377) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   After NAT-T attr unmap: P2 prop tunnel = 1.
 * 378) 2014-12-11 17:41:01 : IKE<10.1.1.20> IP<10.1.1.20> mask<255.255.255.255> prot<0> port<0>
 * 379) 2014-12-11 17:41:01 : IKE<192.168.3.1> Initiator P2 ID built: ...h
 * 380) 2014-12-11 17:41:01 : IKE<10.1.1.0> IP<10.1.1.0> mask<255.255.255.0> prot<0> port<0>
 * 381) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder P2 ID built: ...h
 * 382) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [NONCE] for IPSec
 * 383) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [ID] for Phase 2
 * 384) 2014-12-11 17:41:01 : id payload constructed. type(1),ip(10.1.1.20),mask(255.255.255.255), prot(0), port(0)
 * 385) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [ID] for Phase 2
 * 386) 2014-12-11 17:41:01 : id payload constructed. type(4),ip(10.1.1.0),mask(255.255.255.0), prot(0), port(0)
 * 387) 2014-12-11 17:41:01 : IKE<192.168.3.1> send out RESPONDER_LIFETIME notification. prot=3,
 * 388) 2014-12-11 17:41:01 : IKE<192.168.3.1> life_sec=3600
 * 389) 2014-12-11 17:41:01 : IKE<192.168.3.1> Construct [NOTIF] (RESPONDER-LIFETIME) for IPSEC
 * 390) 2014-12-11 17:41:01 : IKE<192.168.3.1> construct QM HASH
 * 391) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Xmit*: [HASH] [SA] [NONCE] [ID] [ID] [NOTIF]
 * 392) 2014-12-11 17:41:01 : IKE<192.168.3.1> Encrypt P2 payload (len 192)
 * 393) 2014-12-11 17:41:01 : IKE<192.168.3.1> Responder sending IPv4 IP 192.168.3.1/port 10952
 * 394) 2014-12-11 17:41:01 : IKE<192.168.3.1> Send Phase 2 packet (len=196)
 * 395) 2014-12-11 17:41:01 : IKE<192.168.3.1> oakley_process_quick_mode:exit
 * 396) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>
 * 397) 2014-12-11 17:41:01 : IKE<192.168.3.1> ike packet, len 80, action 0
 * 398) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: received 52 bytes from socket.
 * 399) 2014-12-11 17:41:01 : IKE<192.168.3.1> ****** Recv packet if <ethernet0/3> of vsys <Root> ******
 * 400) 2014-12-11 17:41:01 : IKE<192.168.3.1> Catcher: get 52 bytes. src port 10952
 * 401) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   ISAKMP msg: len 52, nxp 8[HASH], exch 32[QM], flag 01  E
 * 402) 2014-12-11 17:41:01 : IKE<192.168.3.1> Decrypting payload (length 24)
 * 403) 2014-12-11 17:41:01 : IKE<192.168.3.1    > Recv*: [HASH]
 * 404) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   extract payload (24):
 * 405) 2014-12-11 17:41:01 : IKE<192.168.3.1> QM in state OAK_QM_AUTH_AWAIT.
 * 406) 2014-12-11 17:41:01 : IKE<192.168.3.1> xauth_cleanup
 * 407) 2014-12-11 17:41:01 : IKE<192.168.3.1> Done cleaning up IKE Phase 1 SA
 * 408) 2014-12-11 17:41:01 : IKE<192.168.3.1> Start by finding matching member SA (verify 1/1)
 * 409) 2014-12-11 17:41:01 : IKE<192.168.3.1> Verify sa: index 1
 * 410) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE: Matching policy: gw ip <192.168.3.1> peer entry id<1>
 * 411) 2014-12-11 17:41:01 : id hash:
 * 412) 2014-12-11 17:41:01 : 3a c5 8a 23 13 24 e2 5f  7d 94 e3 42 a0 b4 33 35
 * 413) 2014-12-11 17:41:01 : 93 8e 57 1b
 * 414) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 415) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 416) 2014-12-11 17:41:01 : IKE<192.168.3.1> Peer is dial up.
 * 417) 2014-12-11 17:41:01 : IKE<192.168.3.1> configured ID for sa(32769):
 * 418) 2014-12-11 17:41:01 : IKE<192.168.3.1> local  10.1.1.0/24 prot<0> port<0> type<4>        remote 10.1.1.20/32 prot<0> port<0> type<1>
 * 419) 2014-12-11 17:41:01 : IKE<192.168.3.1> member without dynamic policy found, match local address only
 * 420) 2014-12-11 17:41:01 : ipvx = IPV4
 * 421) 2014-12-11 17:41:01 : rcv_local_addr = 10.1.1.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 10.1.1.0
 * 422) 2014-12-11 17:41:01 : rcv_remote_addr = 10.1.1.20, rcv_remote_mask = 255.255.255.255, p_rcv_remote_real = 10.1.1.20
 * 423) 2014-12-11 17:41:01 : ike_p2_id->local_ip = 10.1.1.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 10.1.1.0
 * 424) 2014-12-11 17:41:01 : ike_p2_id->remote_ip = 10.1.1.20, cfg_remote_mask = 255.255.255.255, p_cfg_remote_real = 10.1.1.20
 * 425) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proxy ID match: Located matching Phase 2 SA.
 * 426) 2014-12-11 17:41:01 : IKE<192.168.3.1> sa ID for phase 2 sa is . IP version is 4.
 * 427) 2014-12-11 17:41:01 : IKE<192.168.3.1> Search existing member entry user_id<4> dial_id<2>.
 * 428) 2014-12-11 17:41:01 : IKE<192.168.3.1> Start by finding matching member SA (verify -1/1)
 * 429) 2014-12-11 17:41:01 : IKE<192.168.3.1> Verify sa: index 1
 * 430) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE: Matching policy: gw ip <192.168.3.1> peer entry id<1>
 * 431) 2014-12-11 17:41:01 : id hash:
 * 432) 2014-12-11 17:41:01 : 3a c5 8a 23 13 24 e2 5f  7d 94 e3 42 a0 b4 33 35
 * 433) 2014-12-11 17:41:01 : 93 8e 57 1b
 * 434) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   protocol matched expected<0>.
 * 435) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   port matched expect l:<0>, r<0>.
 * 436) 2014-12-11 17:41:01 : IKE<192.168.3.1> Peer is dial up.
 * 437) 2014-12-11 17:41:01 : IKE<192.168.3.1> configured ID for sa(32769):
 * 438) 2014-12-11 17:41:01 : IKE<192.168.3.1> local  10.1.1.0/24 prot<0> port<0> type<4>        remote 10.1.1.20/32 prot<0> port<0> type<1>
 * 439) 2014-12-11 17:41:01 : IKE<192.168.3.1> member without dynamic policy found, match local address only
 * 440) 2014-12-11 17:41:01 : ipvx = IPV4
 * 441) 2014-12-11 17:41:01 : rcv_local_addr = 10.1.1.0, rcv_local_mask = 255.255.255.0, p_rcv_local_real = 10.1.1.0
 * 442) 2014-12-11 17:41:01 : rcv_remote_addr = 10.1.1.20, rcv_remote_mask = 255.255.255.255, p_rcv_remote_real = 10.1.1.20
 * 443) 2014-12-11 17:41:01 : ike_p2_id->local_ip = 10.1.1.0, cfg_local_mask = 255.255.255.0, p_cfg_local_real = 10.1.1.0
 * 444) 2014-12-11 17:41:01 : ike_p2_id->remote_ip = 10.1.1.20, cfg_remote_mask = 255.255.255.255, p_cfg_remote_real = 10.1.1.20
 * 445) 2014-12-11 17:41:01 : IKE<192.168.3.1> Proxy ID match: Located matching Phase 2 SA.
 * 446) 2014-12-11 17:41:01 : IKE<192.168.3.1> Found earlier sa for this group member, idx<1> id.
 * 447) 2014-12-11 17:41:01 : ikmpd.c 3871. pidt == 2a79d90
 * 448) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   life (sec or kb): lcl 3600, peer 28800, set 3600.
 * 449) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   life (sec or kb): lcl 0, peer 0, set 0.
 * 450) 2014-12-11 17:41:01 : IKE<192.168.3.1> gen_qm_key
 * 451) 2014-12-11 17:41:01 : IKE<192.168.3.1> load_sa_keys: enter.
 * 452) 2014-12-11 17:41:01 : IKE<192.168.3.1> gen_qm_key
 * 453) 2014-12-11 17:41:01 : IKE<192.168.3.1> load_sa_keys: enter.
 * 454) 2014-12-11 17:41:01 : IKE<192.168.3.1> ikmpd.c 3999. sa ID for phase 2 sa is . IP version is 4.
 * 455) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<192.168.1.1>
 * 456) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   spi hash node removed: type<2>,spi ,ip<192.168.3.1>
 * 457) 2014-12-11 17:41:01 : IKE<192.168.3.1> clean_all_sa_state_node_from_list->
 * 458) 2014-12-11 17:41:01 : IKE<192.168.3.1> relocate earlier SA-state.
 * 459) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Incoming
 * 460) 2014-12-11 17:41:01 : IKE<192.168.3.1> key_modify: sa index <1> bk_idx <1>.
 * 461) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Incoming
 * 462) 2014-12-11 17:41:01 : IKE<0.0.0.0        >   insert_sa_state_to_spi_hash spi, sa_index<1>, Outgoing
 * 463) 2014-12-11 17:41:01 : IKE<192.168.3.1> update acvpn flags for sa 1
 * 464) 2014-12-11 17:41:01 : IKE<192.168.3.1> update acvpn flags for sa 1 - 0x400433
 * 465) 2014-12-11 17:41:01 : IKE<192.168.3.1>  crypto_ctx 11, 8, 8, 8, 0, 0, 16, 0, 12, 48
 * 466) 2014-12-11 17:41:01 : IKE<192.168.3.1> modify esp tunnel: src (peer) ipv4 <192.168.3.1>
 * 467) 2014-12-11 17:41:01 : IKE<192.168.3.1> modifying esp tunnel: self <ipv4 192.168.1.1>
 * 468) 2014-12-11 17:41:01 : IKE<192.168.3.1> update auto NHTB status for sa 1
 * 469) 2014-12-11 17:41:01 : IKE<192.168.3.1> after mod, out nsptunnel.
 * 470) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 2 msg-id : Completed for user<test@wipro.com>.
 * 471) 2014-12-11 17:41:01 : IKE<192.168.3.1> Phase 2 msg-id : Completed Quick Mode negotiation with SPI, tunnel ID , and lifetime seconds/<0> KB.
 * 472) 2014-12-11 17:41:01 : IKE<192.168.3.1> Application sa installed.
 * 473) 2014-12-11 17:41:01 : IKE<192.168.3.1> oakley_process_quick_mode:exit
 * 474) 2014-12-11 17:41:01 : IKE<192.168.3.1> IKE msg done: PKI state<0> IKE state<6/1097182f>

= get config =

<pre style="width: 97%; overflow-x: scroll;">SSG-1-> get config set interface ethernet0/1.1 ip 10.1.1.1/24 set interface ethernet0/1.1 nat set interface ethernet0/3 ip 192.168.1.1/24 set interface ethernet0/3 route set ippool "Pool1" 10.1.1.20 10.1.1.25 set user "aman" uid 5 set user "aman" type xauth set user "aman" remote ippool "Pool1" set user "aman" password "FiPEI1D7NcekQBsDb7CqIHSrx3nyVccZKg==" set user "aman" "enable" set user "ike-usr" uid 4 set user "ike-usr" ike-id fqdn "test@wipro.com" share-limit 10 set user "ike-usr" type ike set user "ike-usr" "enable" set user-group "ike-grp" id 2 set user-group "ike-grp" user "ike-usr" set crypto-policy set ike gateway "Dialup-VPNGW" dialup "ike-grp" Aggr outgoing-interface "ethernet0/3" preshare "Tvh0IpHtNk8w1AsnRUCWBK1GHknZF/BSwA==" proposal "pre-g1-des-md5" set ike gateway "Dialup-VPNGW" nat-traversal keepalive-frequency 5 set ike gateway "Dialup-VPNGW" xauth server "Local" set xauth default ippool "Pool1" set vpn "Dialup-PH2" gateway "Dialup-VPNGW" no-replay tunnel idletime 0 proposal "nopfs-esp-des-md5" set vpn "Dialup-PH2" proxy-id local-addr "Trust" "10.1.1.0/24" remote-addr "Untrust" "Dial-Up VPN IPv4" "ANY" set policy id 5 from "Untrust" to "Trust" "Dial-Up VPN IPv4" "10.1.1.0/24" "ANY" tunnel vpn "Dialup-PH2" id 0x4 log

= get ike cookie = SSG-1-> get ike cookie

IKEv1 SA -- Active: 1, Dead: 0, Total 1

1097182f/0006, 192.168.3.1:10952->192.168.1.1:500, PRESHR/grp1/DES/MD5, xchg(5) (Dialup-VPNGW/grp2/usr4) resent-tmr 322 lifetime 28800 lt-recv 86400 nxt_rekey 28658 cert-expire 0 responder, err cnt 0, send dir 1, cond 0xc0 nat-traversal map not available ike heartbeat             : disabled ike heartbeat last rcv time: 0 ike heartbeat last snd time: 0 XAUTH status: 100 DPD seq local 0, peer 353093532

IKEv2 SA -- Active: 0, Dead: 0, Total 0

= get sa = SSG-1-> get sa total configured sa: 1 HEX ID   Gateway         Port Algorithm     SPI      Life:sec kb Sta   PID vsys 00008001<    192.168.3.1  500 esp: des/md5  4e601de4  3453 unlim A/-     5 0 00008001>    192.168.3.1  500 esp: des/md5  f21ba3d7  3453 unlim A/-    -1 0

= get sa id =

SSG-1-> get sa id 0x8001 index 1, name Dialup-PH2, peer gateway ip 192.168.3.1. vsys<Root> auto key. policy node, tunnel mode, policy id in:<5> out:<-1> id hash: >3a>c5>8a>23>13>24>e2>5f>7d>94>e3>42>a0>b4>33>35>93>8e>57>1b vpngrp:<-1>. sa_list_nxt:<4>. parent_sa_id:<4>. tunnel id 32769, peer id 1, NSRP Local. dialup, dynamic member. site-to-site. Local interface is ethernet0/3 <192.168.1.1>. esp, group 0, des encryption, md5  authentication autokey, IN active, OUT active monitor<0>, latency: 0, availability: 0 DF bit: clear app_sa_flags: 0x2400433 proxy id: local 10.1.1.0/255.255.255.0, remote 10.1.1.20/255.255.255.255, proto 0, port 0/0 ike activity timestamp: 95033667 DSCP-mark : disabled nat-traversal map not available incoming: SPI 4e601de4, flag 00004000, tunnel info 40008001, pipeline life 3600 sec, 3444 remain, 0 kb, 0 bytes remain anti-replay off, idle timeout value <0>, idled 123 seconds next pak sequence number: 0x0 bytes/paks:480/8; sw bytes/paks:480/8 outgoing: SPI f21ba3d7, flag 00000000, tunnel info 40008001, pipeline life 3600 sec, 3444 remain, 0 kb, 0 bytes remain anti-replay off, idle timeout value <0>, idled 123 seconds next pak sequence number: 0x4 bytes/paks:480/8; sw bytes/paks:480/8

= get vpn =

SSG-1-> get vpn Name           Gateway         Mode RPlay 1st Proposal         Monitor Use Cnt Interface --- --- -  --- --- --- Dialup-PH2      Dialup-VPNGW    tunl No    nopfs-esp-des-md5    off           1 eth0/3 Total Auto VPN: 1 Total Pure Transport Mode IPSEC VPN: 0

Name      Gateway         Interface       Lcl SPI  Rmt SPI  Algorithm        Monitor Tunnel ID -- --- ---    --- -- Total Manual VPN 0

= get xauth active =

SSG-1-> get xauth active

GW Name             Login           Auth By    GW IP           Private IP      Last Login     Session Timeout   Idle Timeout Dialup-VPNGW           aman      Local     192.168.3.1       10.1.1.20 255.255.255.255  2014-12-11 17:49:05         0      0

= NCP-e Client Profile =

[GENERAL] Export=1 Product=NCP Secure Client - Juniper Edition Version=9.32 Build 218 Date=12/11/2014 5:40:13 PM [PROFILE1] Name=dialup-ssg NotKeepVpn=0 BootProfile=0 ConnMode=0 Timeout=1000 PkiConfig= ExchMode=4 IKE-Policy=Pre-shared Key IkeDhGroup=1 IkeLTSec=001:00:00:00 IPSec-Policy=proposal PFS=0 IPSecLTType=1 IpsecLTSec=000:08:00:00 IPSecLTKb=50000 IkeIdType=2 IkeIdStr=test@wipro.com Gateway=192.168.1.1 UseTunnel=0 UseXAUTH=1 DisDPD=0 DPDInterval=20 DPDRetrys=8 AntiReplay=0 IpAddrAssign=0 IPAddress= SubnetMask=255.255.255.0 DNS1=0.0.0.0 DNS2=0.0.0.0 WINS1=0.0.0.0 WINS2=0.0.0.0 DomainName= SubjectCert= IssuerCert= FingerPrint= UseSHA1=0 DNSActiv=0 DNS1Tmp=0.0.0.0 DNS2Tmp=0.0.0.0 WINS1Tmp=0.0.0.0 WINS2Tmp=0.0.0.0 UsePreShKey=1 Network1=10.1.1.0 SubMask1=255.255.255.0 [IKEPOLICY1] IkeName=Pre-shared Key IkeCrypt=1 IkeHash=1 IkeAuth=1 IkeDhGroup=2 [IPSECPOLICY1] IPSecName=proposal IpsecCrypt=1 IpsecAuth=1