[Openswan Users]
Pix 7.0.5, pix 6.3.5 and Openswan connectivity issues
arno van der walt
vex0r2002 at hotmail.com
Tue Aug 1 01:52:03 CEST 2006
Hi

We have in the order of 40 VPN tunnels from a Pix firewall to various
Openswan boxes. Since our initial roll out we've seen that the tunnel would
drop intermittently. We wrote wrapper scripts and cron'd it to bounce the
tunnels when they go down by monitoring file build up and icmp timeouts,
redirects etc.

After about a year of having these VPN tunnels in production we're trying to
get to the bottom of the VPN drops rather than applying band aids.

The Openswan box is 1.1.1.1 and the Pix is 2.2.2.2. After 75% of the IPSec
SA timer expires, the pix initiates a rekey. In this particular scenario the
Openswan box does not rekey but keeps its SA's active which effectively
renders the tunnels useless, since the two devices cannot establish or agree
upon the SA.

We've dropped the IPSec SA timer down to one hour and our tunnel dropped 45
minutes into every hour as the Pix tried to rekey. It is currently set to
28800 for both SA's.

We're running Fedora Core 4, Openswan 2.4.4, kernel 2.6.17.

Take a look at the DPD, it just keeps on incrementing, almost as if DPD is
not interoperable.

Would upgrading to 2.4.5 with the DPD enhancements help? We're fairly open
to suggestion at this stage.

=======================================================
Openswan
---------------------------------------------------------------------------------------------------------------------------
[root@bob ~]# /usr/sbin/ipsec auto --status
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 10.1.254.126
000 %myid = (none)
000 debug
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+pfkey+nattraversal+x509
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40,
keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops.c: {curr_cnt, total_cnt, maxsz} :context={0,11,36}
trans={0,11,336} attrs={0,11,224}
000
000 "tunnelipsec":
0.0.0.0/0===10.1.254.126---10.1.254.65...2.2.2.3---2.2.2.2===10.213.27.0/24;
erouted; eroute owner: #37
000 "tunnelipsec": srcip=unset; dstip=unset; srcup=ipsec _updown;
dstup=ipsec _updown;
000 "tunnelipsec": ike_life: 28800s; ipsec_life: 3600s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 0
000 "tunnelipsec": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 0,24;
interface: eth0;
000 "tunnelipsec": newest ISAKMP SA: #35; newest IPsec SA: #37;
000 "tunnelipsec": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "tunnelipsec": ESP algorithms wanted: 3_000-1, flags=-strict
000 "tunnelipsec": ESP algorithms loaded: 3_000-1, flags=-strict
000 "tunnelipsec": ESP algorithm newest: 3DES_0-HMAC_MD5;
pfsgroup=<Phase1>
000
000 #37: "tunnelipsec":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
EVENT_SA_REPLACE in 2353s; newest IPSEC; eroute owner
000 #37: "tunnelipsec" esp.3fc41a81@2.2.2.2 esp.c85a4c49@10.1.254.126
tun.0@2.2.2.2 tun.0@10.1.254.126
000 #35: "tunnelipsec":500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 27590s; newest ISAKMP; lastdpd=311s(seq in:0 out:0)
000
=======================================================
Pix log
---------------------------------------------------------------------------------------------------------------------------
Jul 31 14:15:03 2.2.2.2 Jul 31 2006 14:16:25: %PIX-6-302015: Built outbound
UDP connection 30673128 for outside:1.1.1.1/500 (1.1.1.1/500) to NP Identity
Ifc:2.2.2.2/500 (2.2.2.2/500)
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-3-713123: Group =
1.1.1.1, IP = 1.1.1.1, IKE lost contact with remote peer, deleting
connection (keepalive type: DPD)
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-6-602304: IPSEC: An
inbound LAN-to-LAN SA (SPI= 0x72F45DCB) between 2.2.2.2 and 1.1.1.1 (user=
1.1.1.1) has been deleted.
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-6-602304: IPSEC: An
outbound LAN-to-LAN SA (SPI= 0xCE19C3AE) between 2.2.2.2 and 1.1.1.1 (user=
1.1.1.1) has been deleted.
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-3-713902: Group =
1.1.1.1, IP = 1.1.1.1, Removing peer from peer table failed, no match!
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-4-713903: Group =
1.1.1.1, IP = 1.1.1.1, Error: Unable to remove PeerTblEntry
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-4-113019: Group =
1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session disconnected. Session
Type: IPSecLAN2LAN, Duration: 0h:24m:19s, Bytes xmt: 642337, Bytes rcv:
3623975, Reason: Lost Service
Jul 31 14:15:15 2.2.2.2 Jul 31 2006 14:16:37: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:15:47 2.2.2.2 Jul 31 2006 14:17:09: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:15:47 2.2.2.2 Jul 31 2006 14:17:09: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:15:47 2.2.2.2 Jul 31 2006 14:17:09: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:16:19 2.2.2.2 Jul 31 2006 14:17:41: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:16:19 2.2.2.2 Jul 31 2006 14:17:41: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:16:19 2.2.2.2 Jul 31 2006 14:17:41: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:16:51 2.2.2.2 Jul 31 2006 14:18:13: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:16:51 2.2.2.2 Jul 31 2006 14:18:13: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:16:51 2.2.2.2 Jul 31 2006 14:18:13: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:17:23 2.2.2.2 Jul 31 2006 14:18:45: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:17:23 2.2.2.2 Jul 31 2006 14:18:45: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:17:23 2.2.2.2 Jul 31 2006 14:18:45: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:17:55 2.2.2.2 Jul 31 2006 14:19:17: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:17:55 2.2.2.2 Jul 31 2006 14:19:17: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:17:56 2.2.2.2 Jul 31 2006 14:19:17: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:18:28 2.2.2.2 Jul 31 2006 14:19:49: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:18:28 2.2.2.2 Jul 31 2006 14:19:49: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:18:28 2.2.2.2 Jul 31 2006 14:19:49: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:19:00 2.2.2.2 Jul 31 2006 14:20:21: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:19:00 2.2.2.2 Jul 31 2006 14:20:21: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:19:00 2.2.2.2 Jul 31 2006 14:20:21: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:19:32 2.2.2.2 Jul 31 2006 14:20:53: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:19:32 2.2.2.2 Jul 31 2006 14:20:53: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:19:32 2.2.2.2 Jul 31 2006 14:20:54: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:20:04 2.2.2.2 Jul 31 2006 14:21:26: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:20:04 2.2.2.2 Jul 31 2006 14:21:26: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:20:04 2.2.2.2 Jul 31 2006 14:21:26: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:20:36 2.2.2.2 Jul 31 2006 14:21:58: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:20:36 2.2.2.2 Jul 31 2006 14:21:58: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:20:36 2.2.2.2 Jul 31 2006 14:21:58: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:21:08 2.2.2.2 Jul 31 2006 14:22:30: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:21:08 2.2.2.2 Jul 31 2006 14:22:30: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:21:08 2.2.2.2 Jul 31 2006 14:22:30: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:21:40 2.2.2.2 Jul 31 2006 14:23:02: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:21:40 2.2.2.2 Jul 31 2006 14:23:02: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:21:40 2.2.2.2 Jul 31 2006 14:23:02: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:22:12 2.2.2.2 Jul 31 2006 14:23:34: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:22:12 2.2.2.2 Jul 31 2006 14:23:34: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:22:12 2.2.2.2 Jul 31 2006 14:23:34: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:22:44 2.2.2.2 Jul 31 2006 14:24:06: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:22:44 2.2.2.2 Jul 31 2006 14:24:06: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:22:45 2.2.2.2 Jul 31 2006 14:24:07: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:23:17 2.2.2.2 Jul 31 2006 14:24:39: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:23:17 2.2.2.2 Jul 31 2006 14:24:39: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:23:17 2.2.2.2 Jul 31 2006 14:24:39: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:23:49 2.2.2.2 Jul 31 2006 14:25:11: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:23:49 2.2.2.2 Jul 31 2006 14:25:11: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:23:50 2.2.2.2 Jul 31 2006 14:25:11: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:24:22 2.2.2.2 Jul 31 2006 14:25:43: %PIX-3-713902: IP = 1.1.1.1,
Removing peer from peer table failed, no match!
Jul 31 14:24:22 2.2.2.2 Jul 31 2006 14:25:43: %PIX-4-713903: IP = 1.1.1.1,
Error: Unable to remove PeerTblEntry
Jul 31 14:24:22 2.2.2.2 Jul 31 2006 14:25:44: %PIX-5-713041: IP = 1.1.1.1,
IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1 local Proxy Address
10.213.27.0, remote Proxy Address 0.0.0.0, Crypto map (outside_map)
Jul 31 14:24:44 2.2.2.2 Jul 31 2006 14:26:05: %PIX-5-713904: IP = 1.1.1.1,
Received encrypted packet with no matching SA, dropping
Jul 31 14:24:45 2.2.2.2 Jul 31 2006 14:26:06: %PIX-5-713904: IP = 1.1.1.1,
Received encrypted packet with no matching SA, dropping
Jul 31 14:25:00 2.2.2.2 Jul 31 2006 14:26:21: %PIX-4-713903: Group =
1.1.1.1, IP = 1.1.1.1, Freeing previously allocated memory for
authorization-dn-attributes
Jul 31 14:25:00 2.2.2.2 Jul 31 2006 14:26:21: %PIX-6-113009: AAA retrieved
default group policy (DfltGrpPolicy) for user = 1.1.1.1
Jul 31 14:25:00 2.2.2.2 Jul 31 2006 14:26:21: %PIX-3-713119: Group =
1.1.1.1, IP = 1.1.1.1, PHASE 1 COMPLETED
Jul 31 14:25:01 2.2.2.2 Jul 31 2006 14:26:23: %PIX-5-713201: Group =
1.1.1.1, IP = 1.1.1.1, Duplicate Phase 1 packet detected. Retransmitting
last packet.
Jul 31 14:25:01 2.2.2.2 Jul 31 2006 14:26:23: %PIX-6-713905: Group =
1.1.1.1, IP = 1.1.1.1, P1 Retransmit msg dispatched to MM FSM
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-6-602303: IPSEC: An
outbound LAN-to-LAN SA (SPI= 0xC85A4C49) between 2.2.2.2 and 1.1.1.1 (user=
1.1.1.1) has been created.
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-5-713049: Group =
1.1.1.1, IP = 1.1.1.1, Security negotiation complete for LAN-to-LAN Group
(1.1.1.1) Responder, Inbound SPI = 0x3fc41a81, Outbound SPI = 0xc85a4c49
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-6-602303: IPSEC: An
inbound LAN-to-LAN SA (SPI= 0x3FC41A81) between 2.2.2.2 and 1.1.1.1 (user=
1.1.1.1) has been created.
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-6-713905: Group =
1.1.1.1, IP = 1.1.1.1, Starting P2 Rekey timer to expire in 3056 seconds
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-5-713120: Group =
1.1.1.1, IP = 1.1.1.1, PHASE 2 COMPLETED (msgid=e62e3d43)
Jul 31 14:25:12 2.2.2.2 Jul 31 2006 14:26:34: %PIX-5-713201: Group =
1.1.1.1, IP = 1.1.1.1, Duplicate Phase 1 packet detected. No last packet to
retransmit.
Jul 31 14:25:23 2.2.2.2 Jul 31 2006 14:26:45: %PIX-5-713136: IP = 1.1.1.1,
IKE session establishment timed out [MM_WAIT_MSG4], aborting!
Jul 31 14:25:32 2.2.2.2 Jul 31 2006 14:26:53: %PIX-5-713201: Group =
1.1.1.1, IP = 1.1.1.1, Duplicate Phase 1 packet detected. No last packet to
retransmit.
Jul 31 14:27:36 2.2.2.2 Jul 31 2006 14:28:58: %PIX-6-302016: Teardown UDP
connection 30673128 for outside:1.1.1.1/500 to NP Identity Ifc:2.2.2.2/500
duration 0:12:32 bytes 28360

Session Type: LAN-to-LAN Detailed
Connection : 1.1.1.1
Index : 33 IP Addr : 1.1.1.1
Protocol : IPSecLAN2LAN Encryption : 3DES
Hashing : MD5
Bytes Tx : 798078 Bytes Rx : 128975
Login Time : 14:26:21 UTC Mon Jul 31 2006
Duration : 0h:05m:21s
Filter Name :
IKE Sessions: 1 IPSec Sessions: 1
IKE:
Session ID : 1
UDP Src Port : 500 UDP Dst Port : 500
IKE Neg Mode : Main Auth Mode : preSharedKeys
Encryption : 3DES Hashing : MD5
Rekey Int (T): 28800 Seconds Rekey Left(T): 28480 Seconds
D/H Group : 2
IPSec:
Session ID : 2
Local Addr : 10.213.27.0/255.255.255.0/0/0
Remote Addr : 0.0.0.0/0.0.0.0/0/0
Encryption : 3DES Hashing : MD5
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 3600 Seconds Rekey Left(T): 3292 Seconds
Idle Time Out: 30 Minutes Idle TO Left : 30 Minutes
Bytes Tx : 798078 Bytes Rx : 128975
Pkts Tx : 1771 Pkts Rx : 1597
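
An added example, not part of the original post: a Python sketch that measures the outage pattern visible in the Pix log above, from the DPD teardown (713123) through the repeated "New Phase 1" attempts (713041) to "PHASE 2 COMPLETED" (713120). The sample records are constructed, shortened from the message formats quoted in the post, and the function and field names are this example's own.

```python
import re
from datetime import datetime

# Constructed sample: one record per line, shortened from the formats in the post.
SAMPLE = """\
Jul 31 14:15:09 2.2.2.2 Jul 31 2006 14:16:31: %PIX-3-713123: Group = 1.1.1.1, IP = 1.1.1.1, IKE lost contact with remote peer, deleting connection (keepalive type: DPD)
Jul 31 14:15:15 2.2.2.2 Jul 31 2006 14:16:37: %PIX-5-713041: IP = 1.1.1.1, IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1
Jul 31 14:15:47 2.2.2.2 Jul 31 2006 14:17:09: %PIX-3-713902: IP = 1.1.1.1, Removing peer from peer table failed, no match!
Jul 31 14:15:47 2.2.2.2 Jul 31 2006 14:17:09: %PIX-5-713041: IP = 1.1.1.1, IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1
Jul 31 14:16:19 2.2.2.2 Jul 31 2006 14:17:41: %PIX-5-713041: IP = 1.1.1.1, IKE Initiator: New Phase 1, Intf 6, IKE Peer 1.1.1.1
Jul 31 14:25:00 2.2.2.2 Jul 31 2006 14:26:21: %PIX-3-713119: Group = 1.1.1.1, IP = 1.1.1.1, PHASE 1 COMPLETED
Jul 31 14:25:11 2.2.2.2 Jul 31 2006 14:26:33: %PIX-5-713120: Group = 1.1.1.1, IP = 1.1.1.1, PHASE 2 COMPLETED (msgid=e62e3d43)
"""

# Use the Pix's own timestamp (the second one on each line); the syslog
# receiver's clock in the post differs from it by over a minute.
REC = re.compile(
    r"(\w{3} +\d+ \d{4} \d\d:\d\d:\d\d): %PIX-\d-(\d{6}): .*?IP = ([\d.]+)")
DPD_LOST, NEW_PHASE1, PHASE2_DONE = "713123", "713041", "713120"


def rekey_outages(text):
    """Return one record per DPD-triggered teardown, keyed by peer address."""
    open_by_peer, done = {}, []
    for line in text.splitlines():
        m = REC.search(line)
        if not m:
            continue  # wrapped fragment or a record without a peer IP
        when = datetime.strptime(m.group(1), "%b %d %Y %H:%M:%S")
        msg_id, peer = m.group(2), m.group(3)
        if msg_id == DPD_LOST:
            # Keep the first teardown if the peer is already marked down.
            open_by_peer.setdefault(peer, {"peer": peer, "down_at": when,
                                           "phase1_attempts": 0,
                                           "seconds_down": None})
        elif peer in open_by_peer:
            rec = open_by_peer[peer]
            if msg_id == NEW_PHASE1:
                rec["phase1_attempts"] += 1
            elif msg_id == PHASE2_DONE:
                delta = when - rec["down_at"]
                rec["seconds_down"] = int(delta.total_seconds())
                done.append(open_by_peer.pop(peer))
    # Peers still down when the log ends are reported with seconds_down=None.
    return done + list(open_by_peer.values())


if __name__ == "__main__":
    for outage in rekey_outages(SAMPLE):
        print(outage)
```

Records wrapped across lines, as in the archived log above, need to be rejoined into one line each before parsing.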