<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.<br class=""><div><br class=""><div class=""><div class=""><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);"><b class="">From: </b></span><span class="" style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;">"CAQUINEAU, Pierre-Alexandre" <<a href="mailto:pacaquineau@free.fr" style="color: rgb(149, 79, 114);" class="">pacaquineau@free.fr</a>></span></div><div class=""><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Subject:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><b class="">RE: [Openswan Users] Hung at - #1: pending Phase 2 for "Connection1/1x1" replacing #0</b><br class=""></span></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Date:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">August 24, 2015 at 4:13:29 AM EDT<br class=""></span></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">To:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class="">"'Prakash Palanisamy'" <<a href="mailto:ppalanisamy@sdl.com" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">ppalanisamy@sdl.com</a>><br class=""></span></div><div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; margin: 0px;" class=""><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif; color: rgb(127, 127, 127);" class=""><b class="">Cc:<span class="Apple-converted-space"> </span></b></span><span style="font-family: -webkit-system-font, 'Helvetica Neue', Helvetica, sans-serif;" class=""><<a href="mailto:users@lists.openswan.org" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">users@lists.openswan.org</a>><br class=""></span></div><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><div class="WordSection1" style="page: WordSection1; font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;"><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="color: rgb(31, 73, 125);" class="">Hi,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="color: rgb(31, 73, 125);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(31, 73, 125);" class="">Please add on your Openswan configuration this entry :<span class="Apple-converted-space"> </span><a href="mailto:rightid=@Connection1-ASA.global.sdl.corp" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">rightid=<b class="">@Connection1-ASA.global.sdl.corp</b></a></span><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""><o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">conn Connection1 # Connection Name<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> type=tunnel<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> authby=secret<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> auto=start<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> pfs=yes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> ike=aes256-sha1;modp1536!<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> phase2alg=aes256-sha1;modp1536<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> ikelifetime=28800s<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> salifetime=3600s<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> left=%defaultroute<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> leftid=52.17.237.123<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> leftsubnets={172.21.8.0/24}<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> right=87.213.46.220<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: red;" class=""> <a href="mailto:righted=@Connection1-ASA.global.sdl.corp" style="color: rgb(149, 79, 114); text-decoration: underline;" class=""><span style="color: red; text-decoration: none;" class="">rightid=</span><span style="color: red; text-decoration: none;" class="">@Connection1-ASA.global.sdl.corp</span></a></span></b><b class=""><span lang="EN-US" style="color: red;" class=""><o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> rightsubnets={10.100.0.0/16}<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(31, 73, 125);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Logs :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1:<span class="Apple-converted-space"> </span></span><b class=""><span lang="EN-US" style="" class="">we require peer to have ID '87.213.46.220', but peer declares '@Connection1-ASA.global.sdl.corp'</span></b><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""><o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Or other method, you can add this directive on your firewall ASA and on Openswan you change Rightid by rightid=87.213.46.220<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Openswan :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="font-size: 10pt; font-family: Arial, sans-serif;" class="">rightid='87.213.46.220<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">ASA :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="font-size: 10pt; font-family: Arial, sans-serif;" class="">crypto isakmp identity address<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(31, 73, 125);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(31, 73, 125);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(31, 73, 125);" class="">++<o:p class=""></o:p></span></div><div class=""><div style="border-style: solid none none; border-top-color: rgb(181, 196, 223); border-top-width: 1pt; padding: 3pt 0cm 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;" class="">De :</span></b><span lang="EN-US" style="font-size: 10pt; font-family: Tahoma, sans-serif;" class=""><span class="Apple-converted-space"> </span>Users [<a href="mailto:users-bounces@lists.openswan.org" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">mailto:users-bounces@lists.openswan.org</a>]<span class="Apple-converted-space"> </span><b class="">De la part de</b><span class="Apple-converted-space"> </span>Prakash Palanisamy<br class=""><b class="">Envoyé :</b><span class="Apple-converted-space"> </span>lundi 24 août 2015 10:02<br class=""><b class="">À :</b><span class="Apple-converted-space"> </span><a href="mailto:users@lists.openswan.org" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">users@lists.openswan.org</a><br class=""><b class="">Objet :</b><span class="Apple-converted-space"> </span>[Openswan Users] Hung at - #1: pending Phase 2 for "Connection1/1x1" replacing #0<o:p class=""></o:p></span></div></div></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">VPN connection between Linux Openswan U2.6.38 (Ubuntu EC2 instance in VPC with EIP) & Cisco ASA 5510 got stuck at “#1: pending Phase 2 for "Connection1/1x1" replacing #0”.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Please find below the complete details about the setup & logs. Any guidance would be helpful.<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Configuration details at ASA:<o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">No Nat and Access-list :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">access-list inside_nat0_outbound extended permit ip 10.100.0.0 255.255.0.0 172.21.8.0 255.255.255.0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">access-list Outside_cryptomap_120 extended permit ip 10.100.0.0 255.255.0.0 172.21.8.0 255.255.255.0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Phase 1 ( any one of the policy will be picked up, here for aws tunnel the phase 1 policy is 60 ) :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 10<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption 3des<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash sha<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 86400<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 20<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption 3des<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash md5<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 86400<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 30<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption aes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash sha<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 86400<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 40<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption aes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash sha<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 28800<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 50<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption aes-256<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash sha<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 28800<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto isakmp policy 60<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">authentication pre-share<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">encryption aes-256<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">hash sha<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">group 5<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">lifetime 28800<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Crypto and PHase 2 :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto map Outside_map 120 match address Outside_cryptomap_120<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto map Outside_map 120 set pfs<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto map Outside_map 120 set peer 52.17.237.123<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto map Outside_map 120 set transform-set ESP-AES-256-SHA<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto map Outside_map 120 set security-association lifetime seconds 3600<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">tunnel-group 52.17.237.123 type ipsec-l2l<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">tunnel-group 52.17.237.123 ipsec-attributes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">pre-shared-key ********<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Transform set :<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Configuration at OpenSwan:<o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">config setup<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> protostack=netkey<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> nat_traversal=no<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">conn Connection1 # Connection Name<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> type=tunnel<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> authby=secret<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> auto=start<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> pfs=yes<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> ike=aes256-sha1;modp1536!<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> phase2alg=aes256-sha1;modp1536<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> ikelifetime=28800s<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> salifetime=3600s<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> left=%defaultroute<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> leftid=52.17.237.123<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> leftsubnets={172.21.8.0/24}<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> right=87.213.46.220<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> rightsubnets={10.100.0.0/16}<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Snippet of whack status:<o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": 172.21.8.0/24===172.21.8.43[52.17.237.123]...87.213.46.220<87.213.46.220>===10.100.0.0/16; unrouted; eroute owner: #0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": myip=unset; hisip=unset;<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,16; interface: eth0;<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": newest ISAKMP SA: #0; newest IPsec SA: #0;<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": aliases: Connection1<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1536(5); flags=strict<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1536(5)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": ESP algorithms wanted: AES(12)_256-SHA1(2)_000; pfsgroup=MODP1536(5); flags=-strict<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 "Connection1/1x1": ESP algorithms loaded: AES(12)_256-SHA1(2)_160<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 #8: "Connection1/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 8s; lastdpd=-1s(seq in:0 out:0); idle; import:not set<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 #7: "Connection1/1x1":500 STATE_MAIN_R2 (sent MR2, expecting MI3); EVENT_RETRANSMIT in 21s; lastdpd=-1s(seq in:0 out:0); idle; import:not set<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 #1: "Connection1/1x1":500 STATE_MAIN_I3 (sent MI3, expecting MR3); none in -1s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">000 #1: pending Phase 2 for "Connection1/1x1" replacing #0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Auth logs:<o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 ipsec__plutorun: Starting Pluto subsystem...<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: Starting Pluto (Openswan Version 2.6.38; Vendor ID OEvy\134kgzWq\134s) pid:21900<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: LEAK_DETECTIVE support [disabled]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: OCF support for IKE [disabled]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: SAref support [disabled]: Protocol not available<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: SAbind support [disabled]: Protocol not available<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: NSS support [disabled]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: HAVE_STATSD notification support not compiled in<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: Setting NAT-Traversal port-4500 floating to off<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: port floating activation criteria nat_t=0/port_float=1<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: NAT-Traversal support [disabled]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: using /dev/urandom as source of random entropy<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: starting up 1 cryptographic helpers<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: started helper pid=21903 (fd:6)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: Using Linux 2.6 IPsec interface code on 3.13.0-53-generic (experimental code)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21903]: using /dev/urandom as source of random entropy<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: added connection description "Connection1/1x1"<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: listening for IKE messages<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: adding interface eth0/eth0 172.21.8.43:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: adding interface lo/lo 127.0.0.1:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: adding interface lo/lo ::1:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: loading secrets from "/etc/ipsec.secrets"<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: initiating all conns with alias='Connection1'<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: initiating Main Mode<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: ignoring Vendor ID payload [Cisco IKE Fragmentation]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: STATE_MAIN_I2: sent MI2, expecting MR2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: received Vendor ID payload [Cisco-Unity]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: received Vendor ID payload [XAUTH]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: ignoring unknown Vendor ID payload [fcf4799afa86cc27fe698e78bd2eba5f]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: ignoring Vendor ID payload [Cisco VPN 3000 Series]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: STATE_MAIN_I3: sent MI3, expecting MR3<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: received Vendor ID payload [Dead Peer Detection]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: Main mode peer ID is ID_FQDN: '@Connection1-ASA.global.sdl.corp'<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: we require peer to have ID '87.213.46.220', but peer declares '@Connection1-ASA.global.sdl.corp'<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:27 gateway3 pluto[21900]: "Connection1/1x1" #1: sending encrypted notification INVALID_ID_INFORMATION to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:28 gateway3 pluto[21900]: packet from 87.213.46.220:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xab33e4a2<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:29 gateway3 pluto[21900]: "Connection1/1x1" #1: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:29 gateway3 pluto[21900]: | payload malformed after IV<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:29 gateway3 pluto[21900]: | 48 70 2e a3 52 84 62 3a 36 27 ad e2 4e b8 a0 4f<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:29 gateway3 pluto[21900]: "Connection1/1x1" #1: sending notification PAYLOAD_MALFORMED to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:34 gateway3 pluto[21900]: packet from 87.213.46.220:500: phase 1 message is part of an unknown exchange<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:37 gateway3 pluto[21900]: "Connection1/1x1" #1: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:37 gateway3 pluto[21900]: | payload malformed after IV<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:37 gateway3 pluto[21900]: | 48 70 2e a3 52 84 62 3a 36 27 ad e2 4e b8 a0 4f<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:37 gateway3 pluto[21900]: "Connection1/1x1" #1: sending notification PAYLOAD_MALFORMED to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:42 gateway3 pluto[21900]: packet from 87.213.46.220:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0x690eb3ad<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:45 gateway3 pluto[21900]: "Connection1/1x1" #1: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:45 gateway3 pluto[21900]: | payload malformed after IV<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:45 gateway3 pluto[21900]: | 48 70 2e a3 52 84 62 3a 36 27 ad e2 4e b8 a0 4f<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:45 gateway3 pluto[21900]: "Connection1/1x1" #1: sending notification PAYLOAD_MALFORMED to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:53 gateway3 pluto[21900]: "Connection1/1x1" #1: Quick Mode message is unacceptable because it is for an incomplete ISAKMP SA<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:53 gateway3 pluto[21900]: | payload malformed after IV<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:53 gateway3 pluto[21900]: | 48 70 2e a3 52 84 62 3a 36 27 ad e2 4e b8 a0 4f<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:46:53 gateway3 pluto[21900]: "Connection1/1x1" #1: sending notification PAYLOAD_MALFORMED to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: "Connection1/1x1" #1: next payload type of ISAKMP Hash Payload has an unknown value: 192<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: "Connection1/1x1" #1: malformed payload in packet<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: | payload malformed after IV<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: | 48 70 2e a3 52 84 62 3a 36 27 ad e2 4e b8 a0 4f<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: "Connection1/1x1" #1: sending notification PAYLOAD_MALFORMED to 87.213.46.220:500<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: "Connection1/1x1" #1: next payload type of ISAKMP Hash Payload has an unknown value: 146<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:01 gateway3 pluto[21900]: "Connection1/1x1" #1: malformed payload in packet<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:02 gateway3 pluto[21900]: packet from 87.213.46.220:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:02 gateway3 pluto[21900]: packet from 87.213.46.220:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but port floating is off<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:02 gateway3 pluto[21900]: packet from 87.213.46.220:500: received Vendor ID payload [RFC 3947] meth=115, but port floating is off<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Aug 24 07:47:02 gateway3 pluto[21900]: packet from 87.213.46.220:500: ignoring Vendor ID payload [Cisco IKE Fragmentation]<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><b class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Iptables rules:<o:p class=""></o:p></span></b></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""># iptables -t nat -n -L --line-numbers<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Chain PREROUTING (policy ACCEPT)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">num target prot opt source destination<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Chain INPUT (policy ACCEPT)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">num target prot opt source destination<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Chain OUTPUT (policy ACCEPT)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">num target prot opt source destination<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Chain POSTROUTING (policy ACCEPT)<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">num target prot opt source destination<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">1 ACCEPT all -- 172.21.8.0/24 10.100.0.0/16<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">2 MASQUERADE all -- 172.21.8.0/24 0.0.0.0/0<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class=""> </span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Thanks,<o:p class=""></o:p></span></div><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="color: rgb(47, 84, 150);" class="">Prakash<o:p class=""></o:p></span></div><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" style="font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br class=""> <a href="x-msg://1/www.sdl.com/" style="color: rgb(149, 79, 114); text-decoration: underline;" class=""><span style="text-decoration: none;" class=""><img border="0" width="150" height="68" id="_x0000_i1025" src="http://dr0muzwhcp26z.cloudfront.net/static/corporate/SDL-logo-2014.png" class=""></span></a><br class=""><a href="http://www.sdl.com/" style="color: rgb(149, 79, 114); text-decoration: underline;" class="">www.sdl.com</a><o:p class=""></o:p></span></p><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse: collapse;"><tbody class=""><tr class=""><td style="padding: 0cm;" class=""></td></tr></tbody></table><p class="MsoNormal" style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;"></p><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse: collapse;"><tbody class=""><tr class=""><td style="padding: 0cm;" class=""></td></tr></tbody></table><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span lang="EN-US" style="font-size: 12pt; font-family: 'Times New Roman', serif;" class=""> </span></div><table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse: collapse;"><tbody class=""><tr class=""><td width="800" style="width: 600pt; padding: 0cm;" class=""><div style="margin: 0cm 0cm 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif;" class=""><span style="font-size: 8pt; font-family: 'Times New Roman', serif; color: rgb(161, 161, 161);" class="">SDL PLC confidential, all rights reserved. If you are not the intended recipient of this mail SDL requests and requires that you delete it without acting upon or copying any of its contents, and we further request that you advise us.<br class=""><br class="">SDL PLC is a public limited company registered in England and Wales. Registered number: 02675207.<span class="Apple-converted-space"> </span><br class="">Registered address: Globe House, Clivemont Road, Maidenhead, Berkshire SL6 7DY, UK.<span class="Apple-converted-space"> </span></span><span style="font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><o:p class=""></o:p></span></div></td></tr></tbody></table><p class="MsoNormal" style="margin: 0cm 0cm 12pt; font-size: 11pt; font-family: Calibri, sans-serif;"><span lang="EN-US" style="font-size: 12pt; font-family: 'Times New Roman', serif;" class=""><br class=""><br class=""><o:p class=""></o:p></span></p><p align="center" style="margin-right: 0cm; margin-left: 0cm; font-size: 12pt; font-family: 'Times New Roman', serif; text-align: center;" class=""><span lang="EN-US" style="background-color: white; background-position: initial initial; background-repeat: initial initial;" class="">This message has been scanned for malware by Websense.<span class="Apple-converted-space"> </span></span><span lang="EN-US" class=""><a href="http://www.websense.com/" style="color: rgb(149, 79, 114); text-decoration: underline;" class=""><span style="background-color: white;" class="">www.websense.com</span></a></span></p></div></div></div></div><br class=""></body></html>