第一步 R1预配置
R1(config)#int f0/0
R1(config-if)#ip add 192.168.0.1 255.255.255.0
R1(config-if)#no sh
R1(config-if)#int e1/0
R1(config-if)#ip add 192.168.1.200 255.255.255.0
R1(config-if)#no sh
R1(config-if)#end
R1#ping 192.168.1.101
// 在本实验中PC机的IP地址是192.168.1.101
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.101, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/50/168 ms
R1#
R1#conf t
R1(config)#aaa new-model
// 激活AAA
R1(config)#aaa authorization network vpn-client-user local
// 配置对远程接入IPSec连接的授权,组名为vpn-client-user
R1(config)#ip local pool ×××DHCP 192.168.0.100 192.168.0.150
// 配置一个内部地址池,用于分配IP地址到远程接入的×××客户端,在本实验中地址池的起始地址为192.168.0.100,终止的IP地址为192.168.0.150,在后面的组策略中会引用改地址池
R1(config)#crypto isakmp client configuration group vpn-client-user
// 配置远程接入组,组名为vpn-client-user,此组名与aaa authorization network命令中的名称一致
R1(config-isakmp-group)#key norvel.com.cn
// 配置IKE阶段1使用预共享密钥,密钥为norvel.com.cn
R1(config-isakmp-group)#pool ×××DHCP
// 配置在客户端连接的Easy ××× client所分配的IP地址池
R1(config-isakmp-group)#dns 221.11.1.67
// 给客户端分配DNS地址
R1(config-isakmp-group)#domain norvel.com.cn
// 配置分配给客户端的DNS域名
R1(config-isakmp-group)#exit
R1(config)#
R1(config)#crypto isakmp policy 10
R1(config-isakmp)#authentication pre-share
R1(config-isakmp)#encryption 3des
R1(config-isakmp)#group 2
R1(config-isakmp)#hash sha
R1(config-isakmp)#exit
R1(config)#end
R1#show crypto isakmp policy
Protection suite of priority 10
encryption algorithm: Three key triple DES
hash algorithm: Secure Hash Standard
authentication method: Pre-Shared Key
Diffie-Hellman group: #2 (1024 bit)
lifetime: 86400 seconds, no volume limit
Default protection suite
encryption algorithm: DES - Data Encryption Standard (56 bit keys).
hash algorithm: Secure Hash Standard
authentication method: Rivest-Shamir-Adleman Signature
Diffie-Hellman group: #1 (768 bit)
lifetime: 86400 seconds, no volume limit
R1#conf t
R1(config)#crypto ipsec transform-set R1 esp-sha-hmac esp-3des
// 配置名为R1的转换集
R1(cfg-crypto-trans)#exit
R1(config)#crypto dynamic-map dyvpn 10
// 配置名为dyvpn的动态加密映射
R1(config-crypto-map)#set transform-set R1
//Reverse-route 生成的两条路由,不配置这条命令,是无法ping内网的设备192.168.0.2
R1(config)#crypto map dyvpn isakmp authorization list vpn-client-user
// 指定应该为远程接入×××连接执行的授权,这里的vpn-client-user名称必须与aaa authorization network命令中的相同
R1(config)#crypto map dyvpn client configuration address respond
// 配置允许路由器将信息分配给远程接入客户端,respond参数使路由器等待客户端提示发送这些信息,然后路由器使用策略信息来回应
R1(config)#crypto map dyvpn 1 ipsec-isakmp dynamic dyvpn
// 配置在静态映射条目中关联动态加密映射
第七步 在接口上激活静态加密映射
R1(config)#int e1/0
R1(config-if)#crypto map dyvpn
R1(config-if)# ^Z
R1#show crypto ipsec sa
Crypto map tag: dyvpn, local addr 192.168.1.200
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.0.100/255.255.255.255/0/0)
current_peer 192.168.1.101 port 1141
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
path mtu 1500, ip mtu 1500, ip mtu idb Ethernet1/0
current outbound spi: 0x1E9D1DD2(513613266)
spi: 0x469FD498(1184879768)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: SW:1, crypto map: dyvpn
sa timing: remaining key lifetime (k/sec): (4462636/3584)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
spi: 0x1E9D1DD2(513613266)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: SW:2, crypto map: dyvpn
sa timing: remaining key lifetime (k/sec): (4462636/3540)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
R1#
R1#debug crypto isakmp
Crypto ISAKMP debugging is .
R1#debug crypto ipsec
Crypto IPSEC debugging is .
R1#
R1#
*Jun 25 09:30:34.967: ISAKMP (0:0): received packet from 192.168.1.101 dport 500 sport 1161 Global (N) NEW SA
*Jun 25 09:30:34.967: ISAKMP: Created a peer struct for 192.168.1.101, peer port 1161
*Jun 25 09:30:34.967: ISAKMP: New peer created peer = 0x66D74ED0 peer_handle = 0x80000006
*Jun 25 09:30:34.971: ISAKMP: Locking peer struct 0x66D74ED0, refcount 1 for crypto_isakmp_process_block
*Jun 25 09:30:34.971: ISAKMP:(0):Setting client config settings 65DD5EE0
*Jun 25 09:30:34.971: ISAKMP/xauth: initializing AAA request
*Jun 25 09:30:34.975: ISAKMP: local port 500, remote port 1161
*Jun 25 09:30:34.979: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 66F36B00
*Jun 25 09:30:34.979: ISAKMP:(0): processing SA payload. message ID = 0
*Jun 25 09:30:34.983: ISAKMP:(0): processing ID payload. message ID = 0
*Jun 25 09:30:34.983: ISAKMP (0:0): ID payload
next-payload : 13
type : 11
group id : vpn-client-user
protocol : 17
port
R1# : 500
length : 23
*Jun 25 09:30:34.983: ISAKMP:(0):: peer matches *none* of the profiles
*Jun 25 09:30:34.987: ISAKMP:(0): processing vendor id payload
*Jun 25 09:30:34.987: ISAKMP:(0): vendor ID seems Unity/DPD but major 215 mismatch
*Jun 25 09:30:34.987: ISAKMP:(0): vendor ID is XAUTH
*Jun 25 09:30:34.987: ISAKMP:(0): processing vendor id payload
*Jun 25 09:30:34.991: ISAKMP:(0): vendor ID is DPD
*Jun 25 09:30:34.991: ISAKMP:(0): processing vendor id payload
*Jun 25 09:30:34.991: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
*Jun 25 09:30:34.991: ISAKMP:(0): processing vendor id payload
*Jun 25 09:30:34.995: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
*Jun 25 09:30:34.995: ISAKMP:(0): vendor ID is NAT-T v2
*Jun 25 09:30:34.995: ISAKMP:(0): processing vendor id payload
*Jun 25 09:30:34.995: ISAKMP:(0): vendor ID is Unity
*Jun 25 09:30:34.999: ISAKMP : Scanning profiles for xauth ...
*Jun 25 09:30:34.999: ISAKMP:(0):Checkin
R1#g ISAKMP transform 1 against priority 10 policy
*Jun 25 09:30:34.999: ISAKMP: encryption AES-CBC
*Jun 25 09:30:34.999: ISAKMP: hash SHA
*Jun 25 09:30:34.999: ISAKMP: default group 2
*Jun 25 09:30:35.003: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.003: ISAKMP: life type in seconds
*Jun 25 09:30:35.003: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.003: ISAKMP: keylength of 256
*Jun 25 09:30:35.007: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.007: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.007: ISAKMP:(0):Checking ISAKMP transform 2 against priority 10 policy
*Jun 25 09:30:35.007: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.007: ISAKMP: hash MD5
*Jun 25 09:30:35.011: ISAKMP: default group 2
*Jun 25 09:30:35.011: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.011: ISAKMP: life type in seconds
*Jun 25 09:30:35.011: ISAKM
R1#P: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.015: ISAKMP: keylength of 256
*Jun 25 09:30:35.015: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.015: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.015: ISAKMP:(0):Checking ISAKMP transform 3 against priority 10 policy
*Jun 25 09:30:35.019: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.019: ISAKMP: hash SHA
*Jun 25 09:30:35.019: ISAKMP: default group 2
*Jun 25 09:30:35.019: ISAKMP: auth pre-share
*Jun 25 09:30:35.019: ISAKMP: life type in seconds
*Jun 25 09:30:35.019: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.023: ISAKMP: keylength of 256
*Jun 25 09:30:35.023: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.023: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.027: ISAKMP:(0):Checking ISAKMP transform 4 against priority 10 poli
R1#cy
*Jun 25 09:30:35.027: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.027: ISAKMP: hash MD5
*Jun 25 09:30:35.027: ISAKMP: default group 2
*Jun 25 09:30:35.027: ISAKMP: auth pre-share
*Jun 25 09:30:35.027: ISAKMP: life type in seconds
*Jun 25 09:30:35.031: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.031: ISAKMP: keylength of 256
*Jun 25 09:30:35.031: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.035: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.035: ISAKMP:(0):Checking ISAKMP transform 5 against priority 10 policy
*Jun 25 09:30:35.035: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.035: ISAKMP: hash SHA
*Jun 25 09:30:35.035: ISAKMP: default group 2
*Jun 25 09:30:35.039: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.039: ISAKMP: life type in seconds
*Jun 25 09:30:35.039: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*
R1#Jun 25 09:30:35.039: ISAKMP: keylength of 128
*Jun 25 09:30:35.043: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.043: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.043: ISAKMP:(0):Checking ISAKMP transform 6 against priority 10 policy
*Jun 25 09:30:35.043: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.047: ISAKMP: hash MD5
*Jun 25 09:30:35.047: ISAKMP: default group 2
*Jun 25 09:30:35.047: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.047: ISAKMP: life type in seconds
*Jun 25 09:30:35.047: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP: keylength of 128
*Jun 25 09:30:35.051: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.051: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Checking ISAKMP transform 7 against priority 10 policy
*Jun 25 09:30:35.051: ISAKMP: encryp
R1#tion AES-CBC
*Jun 25 09:30:35.051: ISAKMP: hash SHA
*Jun 25 09:30:35.051: ISAKMP: default group 2
*Jun 25 09:30:35.051: ISAKMP: auth pre-share
*Jun 25 09:30:35.051: ISAKMP: life type in seconds
*Jun 25 09:30:35.051: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP: keylength of 128
*Jun 25 09:30:35.051: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.051: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Checking ISAKMP transform 8 against priority 10 policy
*Jun 25 09:30:35.051: ISAKMP: encryption AES-CBC
*Jun 25 09:30:35.051: ISAKMP: hash MD5
*Jun 25 09:30:35.051: ISAKMP: default group 2
*Jun 25 09:30:35.051: ISAKMP: auth pre-share
*Jun 25 09:30:35.051: ISAKMP: life type in seconds
*Jun 25 09:30:35.051: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP: keylength of 128
*J
R1#un 25 09:30:35.051: ISAKMP:(0):Encryption algorithm offered does not match policy!
*Jun 25 09:30:35.051: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Checking ISAKMP transform 9 against priority 10 policy
*Jun 25 09:30:35.051: ISAKMP: encryption 3DES-CBC
*Jun 25 09:30:35.051: ISAKMP: hash SHA
*Jun 25 09:30:35.051: ISAKMP: default group 2
*Jun 25 09:30:35.051: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.051: ISAKMP: life type in seconds
*Jun 25 09:30:35.051: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP:(0):Xauth authentication by pre-shared key offered but does not match policy!
*Jun 25 09:30:35.051: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Checking ISAKMP transform 10 against priority 10 policy
*Jun 25 09:30:35.051: ISAKMP: encryption 3DES-CBC
*Jun 25 09:30:35.051: ISAKMP: hash MD5
*Jun 25 09:30:35.051: I
R1#SAKMP: default group 2
*Jun 25 09:30:35.051: ISAKMP: auth XAUTHInitPreShared
*Jun 25 09:30:35.051: ISAKMP: life type in seconds
*Jun 25 09:30:35.051: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP:(0):Hash algorithm offered does not match policy!
*Jun 25 09:30:35.051: ISAKMP:(0):atts are not acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Checking ISAKMP transform 11 against priority 10 policy
*Jun 25 09:30:35.051: ISAKMP: encryption 3DES-CBC
*Jun 25 09:30:35.051: ISAKMP: hash SHA
*Jun 25 09:30:35.051: ISAKMP: default group 2
*Jun 25 09:30:35.051: ISAKMP: auth pre-share
*Jun 25 09:30:35.051: ISAKMP: life type in seconds
*Jun 25 09:30:35.051: ISAKMP: life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.051: ISAKMP:(0):atts are acceptable. Next payload is 3
*Jun 25 09:30:35.051: ISAKMP:(0):Acceptable atts:actual life: 86400
*Jun 25 09:30:35.051: ISAKMP:(0):Acceptable
R1# atts:life: 0
*Jun 25 09:30:35.051: ISAKMP:(0):Fill atts in sa vpi_length:4
*Jun 25 09:30:35.051: ISAKMP:(0):Fill atts in sa life_in_seconds:2147483
*Jun 25 09:30:35.051: ISAKMP:(0):Returning Actual lifetime: 86400
*Jun 25 09:30:35.051: ISAKMP:(0)::Started lifetime timer: 86400.
*Jun 25 09:30:35.095: ISAKMP:(0): processing NONCE payload. message ID = 0
*Jun 25 09:30:35.099: ISAKMP:(0): vendor ID is NAT-T v2
*Jun 25 09:30:35.099: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
*Jun 25 09:30:35.099: ISAKMP:(0):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
*Jun 25 09:30:35.099: ISAKMP:(0): phase 1 packet is a duplicate of a previous packet.
*Jun 25 09:30:35.099: ISAKMP:(0): retransmission skipped (awaiting response from other process)
*Jun 25 09:30:35.103: ISAKMP:(1005): cons
R1#tructed NAT-T vendor-02 ID
*Jun 25 09:30:35.107: ISAKMP:(1005):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Jun 25 09:30:35.107: ISAKMP (0:1005): ID payload
next-payload : 10
type : 1
address : 192.168.1.200
protocol : 17
port : 0
length : 12
*Jun 25 09:30:35.107: ISAKMP:(1005):Total payload length: 12
*Jun 25 09:30:35.111: ISAKMP:(1005): sending packet to 192.168.1.101 my_port 500 peer_port 1161 (R) AG_INIT_EXCH
*Jun 25 09:30:35.115: ISAKMP:(1005):Sending an IKE IPv4 Packet.
*Jun 25 09:30:35.115: ISAKMP:(1005):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
*Jun 25 09:30:35.115: ISAKMP:(1005):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
*Jun 25 09:30:35.211: ISAKMP:(1005): processing HASH payload. message ID = 0
*Jun 25 09:30:35.215: ISAKMP:(1005): processing NOTIFY INITIAL_
R1#CONTACT protocol 1
spi 0, message ID = 0, sa = 66F36B00
*Jun 25 09:30:35.215: ISAKMP:received payload type 20
*Jun 25 09:30:35.219: ISAKMP:received payload type 20
*Jun 25 09:30:35.219: ISAKMP:(1005):SA authentication status:
authenticated
*Jun 25 09:30:35.219: ISAKMP:(1005):SA has been authenticated with 192.168.1.101
*Jun 25 09:30:35.223: ISAKMP:(1005):SA authentication status:
authenticated
*Jun 25 09:30:35.223: ISAKMP:(1005): Process initial contact,
bring down existing phase 1 and 2 SA's with local 192.168.1.200 remote 192.168.1.101 remote port 1161
*Jun 25 09:30:35.223: ISAKMP:(1005):returning IP addr to the address pool
*Jun 25 09:30:35.231: ISAKMP: Trying to insert a peer 192.168.1.200/192.168.1.101/1161/, and inserted successfully 66D74ED0.
*Jun 25 09:30:35.235: ISAKMP:(1005):Returning Actual lifetime: 86400
*Jun 25 09:30:35.235: ISAKMP: set new node -1598652706 to QM_IDLE
*Jun 25 09:30:35.239: ISAKMP:(1005):Sending NOTIFY RESPONDER_LIFETIME protocol
R1#1
spi 1723596448, message ID = -1598652706
*Jun 25 09:30:35.239: ISAKMP:(1005): sending packet to 192.168.1.101 my_port 500 peer_port 1161 (R) QM_IDLE
*Jun 25 09:30:35.239: ISAKMP:(1005):Sending an IKE IPv4 Packet.
*Jun 25 09:30:35.243: ISAKMP:(1005):purging node -1598652706
*Jun 25 09:30:35.243: ISAKMP: Sending phase 1 responder lifetime 86400
*Jun 25 09:30:35.247: ISAKMP:(1005):Old State = IKE_R_AM2 New State = IKE_P1_COMPLETE
*Jun 25 09:30:35.251: ISAKMP:(1005): phase 1 packet is a duplicate of a previous packet.
*Jun 25 09:30:35.251: ISAKMP:(1005): retransmitting due to retransmit phase 1
*Jun 25 09:30:35.251: ISAKMP:(1005): no outgoing phase 1 packet to retransmit. QM_IDLE
*Jun 25 09:30:35.255: ISAKMP (0:1005): received packet from 192.168.1.101 dport 500 s
R1#port 1161 Global (R) QM_IDLE
*Jun 25 09:30:35.255: ISAKMP: set new node 1347824040 to QM_IDLE
*Jun 25 09:30:35.259: ISAKMP:(1005):processing transaction payload from 192.168.1.101. message ID = 1347824040
*Jun 25 09:30:35.259: ISAKMP: Config payload REQUEST
*Jun 25 09:30:35.263: ISAKMP:(1005):checking request:
*Jun 25 09:30:35.263: ISAKMP: IP4_ADDRESS
*Jun 25 09:30:35.263: ISAKMP: IP4_NETMASK
*Jun 25 09:30:35.263: ISAKMP: IP4_DNS
*Jun 25 09:30:35.263: ISAKMP: IP4_NBNS
*Jun 25 09:30:35.263: ISAKMP: ADDRESS_EXPIRY
*Jun 25 09:30:35.267: ISAKMP: MODECFG_BANNER
*Jun 25 09:30:35.267: ISAKMP: MODECFG_SAVEPWD
*Jun 25 09:30:35.267: ISAKMP: DEFAULT_DOMAIN
*Jun 25 09:30:35.267: ISAKMP: SPLIT_INCLUDE
*Jun 25 09:30:35.267: ISAKMP: SPLIT_DNS
*Jun 25 09:30:35.267: ISAKMP: PFS
*Jun 25 09:30:35.271: ISAKMP: MODECFG_BROWSER_PROXY
*Jun 25 09:30:35.271: ISAKMP: BACKUP_SERVER
*Jun 25 09:30:35.271: ISAKMP: CONFIG_MODE_UNKNOWN Unknown A
R1#ttr: 0x700C
*Jun 25 09:30:35.271: ISAKMP: APPLICATION_VERSION
*Jun 25 09:30:35.271: ISAKMP: FW_RECORD
*Jun 25 09:30:35.275: ISAKMP: MODECFG_HOSTNAME
*Jun 25 09:30:35.275: ISAKMP: CONFIG_MODE_UNKNOWN Unknown Attr: 0x7005
*Jun 25 09:30:35.279: ISAKMP/author: Author request for group vpn-client-usersuccessfully sent to AAA
*Jun 25 09:30:35.279: ISAKMP:(1005):Input = IKE_MESG_FROM_PEER, IKE_CFG_REQUEST
*Jun 25 09:30:35.279: ISAKMP:(1005):Old State = IKE_P1_COMPLETE New State = IKE_CONFIG_AUTHOR_AAA_AWAIT
*Jun 25 09:30:35.283: ISAKMP:(1005): phase 2 packet is a duplicate of a previous packet.
*Jun 25 09:30:35.291: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Jun 25 09:30:35.299: ISAKMP:(1005):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Jun 25 09:30:35.299: ISAKMP:(1005):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE
R1#_CONFIG_AUTHOR_AAA_AWAIT
*Jun 25 09:30:35.311: Address: 0.2.0.0
*Jun 25 09:30:35.315: ISAKMP:(1005):allocating address 192.168.0.104
*Jun 25 09:30:35.315: ISAKMP: Sending private address: 192.168.0.104
*Jun 25 09:30:35.315: ISAKMP: Sending subnet mask: 255.255.255.0
*Jun 25 09:30:35.319: ISAKMP: Sending IP4_DNS server address: 221.11.1.67
*Jun 25 09:30:35.319: ISAKMP: Sending ADDRESS_EXPIRY seconds left to use the address: 86399
*Jun 25 09:30:35.319: ISAKMP: Sending save password reply value 0
*Jun 25 09:30:35.319: ISAKMP: Sending DEFAULT_DOMAIN default domain name: norvel.com.cn
*Jun 25 09:30:35.323: ISAKMP (0/1005): Unknown Attr: CONFIG_MODE_UNKNOWN (0x700C)
*Jun 25 09:30:35.323: ISAKMP: Sending APPLICATION_VERSION string: Cisco IOS Software, 7200 Software (C7200-ADVIPSERVICESK9-M), Version 12.4(15)T3, RELEASE SOFTWARE (fc1)
Technical Support: [url]http://www.cisco.com/techsupport[/url]
Copyright (c) 1986-2
R1#008 by Cisco Systems, Inc.
Compiled Fri 25-Jan-08 03:57 by prod_rel_team
*Jun 25 09:30:35.323: ISAKMP (0/1005): Unknown Attr: MODECFG_HOSTNAME (0x700A)
*Jun 25 09:30:35.327: ISAKMP (0/1005): Unknown Attr: CONFIG_MODE_UNKNOWN (0x7005)
*Jun 25 09:30:35.327: ISAKMP:(1005): responding to peer config from 192.168.1.101. ID = 1347824040
*Jun 25 09:30:35.331: ISAKMP:(1005): sending packet to 192.168.1.101 my_port 500 peer_port 1161 (R) CONF_ADDR
*Jun 25 09:30:35.331: ISAKMP:(1005):Sending an IKE IPv4 Packet.
*Jun 25 09:30:35.335: ISAKMP:(1005):deleting node 1347824040 error FALSE reason "No Error"
*Jun 25 09:30:35.335: ISAKMP:(1005):Talking to a Unity Client
*Jun 25 09:30:35.335: ISAKMP:(1005):Input = IKE_MESG_FROM_AAA, IKE_AAA_GROUP_ATTR
*Jun 25 09:30:35.339: ISAKMP:(1005):Old State = IKE_CONFIG_AUTHOR_AAA_AWAIT New State = IKE_P1_COMPLETE
*Jun 25 09:30:35.391: ISAKMP:(1005):Old State = IK
R1#E_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jun 25 09:30:35.447: ISAKMP: set new node -585754297 to QM_IDLE
*Jun 25 09:30:35.455: ISAKMP:(1005): processing HASH payload. message ID = -585754297
*Jun 25 09:30:35.455: ISAKMP:(1005): processing SA payload. message ID = -585754297
*Jun 25 09:30:35.455: ISAKMP:(1005):Checking IPSec proposal 1
*Jun 25 09:30:35.459: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.459: ISAKMP: attributes in transform:
*Jun 25 09:30:35.459: ISAKMP: authenticator is HMAC-MD5
*Jun 25 09:30:35.459: ISAKMP: key length is 256
*Jun 25 09:30:35.459: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.463: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.463: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.463: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.467: ISAKMP:(1005):Che
R1#cking IPSec proposal 1
*Jun 25 09:30:35.467: ISAKMP:(1005):transform 1, IPPCP LZS
*Jun 25 09:30:35.467: ISAKMP: attributes in transform:
*Jun 25 09:30:35.467: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.467: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.467: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.471: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.471: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.475: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
*Jun 25 09:30:35.479: IPSEC(validate_proposal_request): proposal part #2
*Jun 25 09:30:35.479: IPSEC(validate_proposal_request): propo
R1#sal part #2,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.483: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-md5-hmac comp-lzs }
*Jun 25 09:30:35.483: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.487: ISAKMP:(1005):Checking IPSec proposal 2
*Jun 25 09:30:35.487: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.487: ISAKMP: attributes in transform:
*Jun 25 09:30:35.487: ISAKMP: authenticator is HMAC-SHA
*Jun 25 09:30:35.487: ISAKMP: key length is 256
*Jun 25 09:30:35.491: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.491: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.491: ISAKMP:
R1# SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.491: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.495: ISAKMP:(1005):Checking IPSec proposal 2
*Jun 25 09:30:35.495: ISAKMP:(1005):transform 1, IPPCP LZS
*Jun 25 09:30:35.495: ISAKMP: attributes in transform:
*Jun 25 09:30:35.495: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.495: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.499: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.499: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.499: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.503: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, f
R1#lags= 0x0
*Jun 25 09:30:35.507: IPSEC(validate_proposal_request): proposal part #2
*Jun 25 09:30:35.507: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.511: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-sha-hmac comp-lzs }
*Jun 25 09:30:35.511: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.515: ISAKMP:(1005):Checking IPSec proposal 3
*Jun 25 09:30:35.515: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.515: ISAKMP: attributes in transform:
*Jun 25 09:30:35.515: ISAKMP: authenticator is HMAC-MD5
*Jun 25 09:30:35.515: ISAKMP: key length is 128
*Jun
R1#25 09:30:35.519: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.519: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.519: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.523: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.523: ISAKMP:(1005):Checking IPSec proposal 3
*Jun 25 09:30:35.523: ISAKMP:(1005):transform 1, IPPCP LZS
*Jun 25 09:30:35.523: ISAKMP: attributes in transform:
*Jun 25 09:30:35.523: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.527: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.527: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.527: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.531: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.531: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.
R1#255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jun 25 09:30:35.535: IPSEC(validate_proposal_request): proposal part #2
*Jun 25 09:30:35.535: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.539: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-md5-hmac comp-lzs }
*Jun 25 09:30:35.539: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.543: ISAKMP:(1005):Checking IPSec proposal 4
*Jun 25 09:30:35.543: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.543: ISAKMP: attri
R1#butes in transform:
*Jun 25 09:30:35.543: ISAKMP: authenticator is HMAC-SHA
*Jun 25 09:30:35.547: ISAKMP: key length is 128
*Jun 25 09:30:35.547: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.547: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.547: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.551: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.551: ISAKMP:(1005):Checking IPSec proposal 4
*Jun 25 09:30:35.551: ISAKMP:(1005):transform 1, IPPCP LZS
*Jun 25 09:30:35.551: ISAKMP: attributes in transform:
*Jun 25 09:30:35.551: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.
R1#) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #2
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac comp-lzs }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:
R1#30:35.555: ISAKMP:(1005):Checking IPSec proposal 5
*Jun 25 09:30:35.555: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: authenticator is HMAC-MD5
*Jun 25 09:30:35.555: ISAKMP: key length is 256
*Jun 25 09:30:35.555: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
R1#
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-md5-hmac }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.555: ISAKMP:(1005):Checking IPSec proposal 6
*Jun 25 09:30:35.555: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: authenticator is HMAC-SHA
*Jun 25 09:30:35.555: ISAKMP: key length is 256
*Jun 25 09:30:35.555: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
l
R1#ocal_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes 256 esp-sha-hmac }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.555: ISAKMP:(1005):Checking IPSec proposal 7
*Jun 25 09:30:35.555: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: authenticator is HMAC-MD5
*Jun 25 09:30:35.555: ISAKMP: key length is 128
*Jun 25 09:30:35.555: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are accep
R1#table.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-md5-hmac }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.555: ISAKMP:(1005):Checking IPSec proposal 8
*Jun 25 09:30:35.555: ISAKMP: transform 1, ESP_AES
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: authenticator is HMAC-SHA
*Jun 25 09:30:35.555: ISAKMP: key length is 128
*Jun 25 09:30:35.55
R1#5: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-aes esp-sha-hmac }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with error 256
*Jun 25 09:30:35.555: ISAKMP:(1005):Checking IPSec proposal 9
*Jun 25 09:30:3
R1#5.555: ISAKMP: transform 1, ESP_3DES
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: authenticator is HMAC-MD5
*Jun 25 09:30:35.555: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: ISAKMP:(1005):Checking IPSec proposal 9
*Jun 25 09:30:35.555: ISAKMP:(1005):transform 1, IPPCP LZS
*Jun 25 09:30:35.555: ISAKMP: attributes in transform:
*Jun 25 09:30:35.555: ISAKMP: encaps is 1 (Tunnel)
*Jun 25 09:30:35.555: ISAKMP: SA life type in seconds
*Jun 25 09:30:35.555: ISAKMP: SA life duration (VPI) of 0x0 0x20 0xC4 0x9B
*Jun 25 09:30:35.555: ISAKMP:(1005):atts are acceptable.
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #1
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part
R1##1,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #2
*Jun 25 09:30:35.555: IPSEC(validate_proposal_request): proposal part #2,
(key eng. msg.) INBOUND local= 192.168.1.200, remote= 192.168.1.101,
local_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
remote_proxy= 192.168.0.104/255.255.255.255/0/0 (type=1),
protocol= PCP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Jun 25 09:30:35.555: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-3des esp-md5-hmac comp-lzs }
*Jun 25 09:30:35.555: ISAKMP:(1005): IPSec policy invalidated proposal with er
R1#ror 256
*Jun 25 09:30:35.555: ISAKMP:(1005):