<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=big5" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19190">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT color=#0000ff size=2 face=Verdana>Dear Sirs,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff><FONT size=2 face=Verdana>Client
A---------------openswan gateway-----------------------<U></U>-------openswan
gateway---------------------Client B<BR>192.168.1.2
192.168.1.1 111.243.150.251 111.243.158.170
192.168.2.1 192.168.2.2</FONT></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>
<DIV>I merged the openswan(2.6.37) into embedded linux(2.6.30 mips) and tried to
make the connection with another ipsec system(openswan) as above.The tunnel
seem to be built successfully and Client A can ping to Client B.But I
would like to make the encryption for all packet to pass through the
tunnel.It's failed.From the wireshark,All packet is not
encryption.Please help on this issue,thank's. </FONT><FONT
color=#0000ff><FONT size=2 face=Verdana></DIV></DIV></FONT></FONT>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Best Regards,</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Ozai</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>
<DIV><FONT color=#0000ff size=2 face=Verdana># cat /var/ipsec.conf<BR>#
/etc/ipsec.conf - Openswan IPsec configuration file</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># This file:
/usr/local/share/doc/openswan/ipsec.conf-sample<BR>#<BR>#
Manual: ipsec.conf.5</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana><BR>version
2.0 # conforms to second version of ipsec.conf
specification</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># basic configuration<BR>config
setup<BR> # Do not set debug options
to debug configuration issues!<BR> #
plutodebug / klipsdebug = "all", "none" or a combation from
below:<BR> # "raw crypt parsing
emitting control klips pfkey natt x509 dpd private"</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2
face=Verdana> #
eg:<BR> # plutodebug="control
parsing"<BR> # Again: only enable
plutodebug or klipsdebug when asked by a
developer<BR>
#<BR> # enable to get logs
per-peer<BR> #
plutoopts="--perpeerlog"<BR>
#<BR> # Enable core dumps (might
require system changes, like ulimit
-C)<BR> # This is required for abrtd
to work properly<BR> # Note: incorrect
SElinux policies might prevent pluto writing the
core<BR>
dumpdir=/var/run/pluto/<BR>
#<BR> # NAT-TRAVERSAL support, see
README.NAT-Traversal<BR>
nat_traversal=yes<BR> # exclude
networks used on server side by adding
%v4:!a.b.c.0/24<BR> # It seems that
T-Mobile in the US and Rogers/Fido in Canada
are<BR> # using 25/8 as "private"
address space on their 3G network.<BR>
# This range has not been announced via BGP (at least upto
2010-12-21)<BR>
virtual_private=%v4:192.168.1.0/24,%v4:192.168.2.0/24<BR>
interfaces=ipsec0=ppp0<BR> # OE is now
off by default. Uncomment and change to on, to
enable.<BR>
oe=off<BR> # which IPsec stack to use.
auto will try netkey, then klips then
mast<BR>
protostack=klips<BR> # Use this to log
to a file, or disable logging on embedded systems (lik<BR>e
openwrt)<BR>
#plutostderrlog=/dev/null</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># Add connections here</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># sample VPN connection<BR># for
more examples, see /etc/ipsec.d/examples/<BR>conn
sample<BR>#
# Left security gateway, subnet behind it, nexthop toward right.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2
face=Verdana>
left=111.243.150.251<BR>
leftsubnet=192.168.1.0/24<BR>#
leftnexthop=192.168.1.1<BR>#
# Right security gateway, subnet behind it, nexthop toward left.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2
face=Verdana>
right=111.243.158.170<BR>
rightsubnet=192.168.2.0/24<BR>#
rightnexthop=192.168.2.1<BR>#
# To authorize this connection, but not actually start
it,<BR>#
# at startup, uncomment
this.<BR>
pfs=yes<BR>
keyexchange=ike<BR>
ike=3des-md5-modp1024<BR>
esp=3des-md5<BR>
disablearrivalcheck=no</FONT></DIV>
<DIV><FONT color=#0000ff size=2
face=Verdana>
compress=yes<BR>
auth=esp<BR>
type=tunnel<BR>
authby=secret<BR>
auto=start</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>#</FONT></DIV></FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana># insmod
ipsec.ko<BR>klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack
version: 2.6.37</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>NET: Registered protocol family
15<BR>ipsec0 (): not using net_device_ops yet<BR>ipsec1 (): not using
net_device_ops yet<BR>mast0 (): not using net_device_ops yet<BR>registered KLIPS
/proc/sys/net<6>klips_info:ipsec_alg_init: KLIPS alg
v=0.8.1-0<BR>(EALG_MAX=255, AALG_MAX=251)<BR>klips_info:ipsec_alg_init: calling
ipsec_alg_static_init()<BR>ipsec_aes_init(alg_type=15 alg_id=12 name=aes):
ret=0<BR>ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac):
ret=0<BR>ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0<BR>KLIPS
cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128
ke<BR>ymaxbits=256, found(0)<BR>KLIPS: lookup for ciphername=cbc(twofish): not
found<BR>KLIPS: lookup for ciphername=cbc(serpent): not found<BR>KLIPS: lookup
for ciphername=cbc(cast5): not found<BR>KLIPS: lookup for
ciphername=cbc(blowfish): not found<BR>KLIPS cryptoapi interface: alg_type=15
alg_id=3 name=cbc(des3_ede) keyminbits=19<BR>2 keymaxbits=192,
found(0)</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana> </DIV>
<DIV><BR># ipsec setup start<BR>/lib/libexec/ipsec/setup: 65: id: not
found<BR>[: 0: unknown operand<BR>ipsec_setup: Starting Openswan IPsec
2.6.37...<BR>ipsec_setup: /lib/ipsec/_startklips: 31: head: not
found<BR>ipsec_setup: /lib/ipsec/_startklips: 32: head: not
found<BR>ipsec_setup: [: 1000: unknown operand</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>ipsec_setup:
/lib/ipsec/_startklips: 451: cut: not found<BR>ipsec_setup:
/lib/ipsec/_startklips: 451: sort: not found<BR>ipsec_setup: ipsec0 -> NULL
mtu=0(0) -> 0<BR>Jan 1 06:02:59 pluto[9574]: Starting Pluto (Openswan
Version 2.6.37; Vendor ID<BR>OEu\134d\134jy\134\134ap) pid:9574<BR>Jan 1
06:02:59 pluto[9574]: LEAK_DETECTIVE support [disabled]<BR>Jan 1 06:02:59
pluto[9574]: OCF support for IKE [disabled]<BR>Jan 1 06:02:59 pluto[9574]:
SAref support [disabled]: Protocol not available<BR>Jan 1 06:02:59
pluto[9574]: SAbind support [disabled]: Protocol not available<BR>Jan 1
06:02:59 pluto[9574]: NSS support [disabled]<BR>Jan 1 06:02:59
pluto[9574]: HAVE_STATSD notification support not compiled in<BR>Jan 1
06:02:59 pluto[9574]: Setting NAT-Traversal port-4500 floating to
on<BR>Jan 1 06:02:59 pluto[9574]: port floating
activation criteria nat_t=1/port_f<BR>loat=1<BR>Jan 1 06:02:59
pluto[9574]: NAT-Traversal support
[enabled]<BR>Jan 1 06:02:59 pluto[9574]: using /dev/urandom as source of
random entropy<BR>Jan 1 06:03:00 pluto[9574]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC:<BR>Ok (ret=0)<BR>Jan 1 06:03:00 pluto[9574]:
starting up 1 cryptographic helpers<BR>Jan 1 06:03:00 pluto[9579]: using
/dev/urandom as source of random entropy<BR>Jan 1 06:03:00 pluto[9574]:
started helper pid=9579 (fd:5)<BR>Jan 1 06:03:00 pluto[9574]: Using KLIPS
IPsec interface code on 2.6.30<BR># Jan 1 06:03:00 pluto[9574]: Could not
change to directory '/var/ipsec.d/cacer<BR>ts': /var/run/pluto<BR>Jan 1
06:03:00 pluto[9574]: Could not change to directory '/var/ipsec.d/aacerts<BR>':
/var/run/pluto<BR>Jan 1 06:03:00 pluto[9574]: Could not change to
directory '/var/ipsec.d/ocspcer<BR>ts': /var/run/pluto<BR>Jan 1 06:03:00
pluto[9574]: Could not change to directory '/var/ipsec.d/crls'<BR>Jan 1
06:03:00 pluto[9574]: added connection description "sample"<BR>Jan 1
06:03:00 pluto[9574]: listening for IKE messages<BR>Jan 1 06:03:00
pluto[9574]: adding interface ipsec0/ppp0 111.243.150.251:500<BR>Jan 1
06:03:00 pluto[9574]: adding interface ipsec0/ppp0
111.243.150.251:4500<BR>Jan 1 06:03:00 pluto[9574]: ERROR: problem with
secrets file "/var". Errno 9: B<BR>ad file descriptor<BR>Jan 1 06:03:00
pluto[9574]: loading secrets from "/var/ipsec.secrets"<BR>Jan 1 06:03:01
pluto[9574]: "sample" #1: initiating Main Mode<BR>Jan 1 06:03:01
pluto[9574]: "sample" #1: received Vendor ID payload [Openswan (<BR>this
version) 2.6.37 ]<BR>Jan 1 06:03:01 pluto[9574]: "sample" #1: received
Vendor ID payload [Dead Peer<BR>Detection]<BR>Jan 1 06:03:01 pluto[9574]:
"sample" #1: received Vendor ID payload [RFC 3947]<BR>method set
to=109<BR>Jan 1 06:03:01 pluto[9574]: "sample" #1: enabling possible
NAT-traversal with m<BR>ethod 4<BR>Jan 1 06:03:01 pluto[9574]: "sample"
#1: transition from state STATE_MAIN_I1 to<BR> state
STATE_MAIN_I2<BR>Jan 1 06:03:01 pluto[9574]: "sample" #1: STATE_MAIN_I2:
sent MI2, expecting MR2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 06:03:02 pluto[9574]:
"sample" #1: NAT-Traversal: Result using RFC 3947 (<BR>NAT-Traversal): no NAT
detected<BR>Jan 1 06:03:02 pluto[9574]: "sample" #1: transition from state
STATE_MAIN_I2 to<BR> state STATE_MAIN_I3<BR>Jan 1 06:03:02
pluto[9574]: "sample" #1: STATE_MAIN_I3: sent MI3, expecting MR3</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 06:03:02 pluto[9574]:
"sample" #1: received Vendor ID payload [CAN-IKEv2]</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 06:03:02 pluto[9574]:
"sample" #1: Main mode peer ID is ID_IPV4_ADDR:
'11<BR>1.243.158.170'<BR>Jan 1 06:03:02 pluto[9574]: "sample" #1:
transition from state STATE_MAIN_I3 to<BR> state STATE_MAIN_I4<BR>Jan
1 06:03:02 pluto[9574]: "sample" #1: STATE_MAIN_I4: ISAKMP SA established
{<BR>auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp10<BR>24}<BR>Jan 1 06:03:02 pluto[9574]: "sample" #2: initiating
Quick Mode PSK+ENCRYPT+COMP<BR>RESS+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using
isakmp#1 msgid:24d66534 proposal<BR>=3DES(3)_192-MD5(1)_128
pfsgroup=OAKLEY_GROUP_MODP1024}<BR>Jan 1 06:03:02 pluto[9574]: "sample"
#2: transition from state STATE_QUICK_I1 t<BR>o state
STATE_QUICK_I2<BR>Jan 1 06:03:02 pluto[9574]: "sample" #2: STATE_QUICK_I2:
sent QI2, IPsec SA est<BR>ablished tunnel mode {ESP=>0x5df646a8
<0xdf3fcee9 xfrm=3DES_0-HMAC_MD5 IPCOMP=>0<BR>x0000d84b <0x0000cf2e
NATOA=none NATD=none DPD=none}<BR>Jan 1 06:03:17 pluto[9574]: packet from
111.243.158.170:500: received Vendor ID<BR> payload [Openswan (this
version) 2.6.37 ]<BR>Jan 1 06:03:17 pluto[9574]: packet from
111.243.158.170:500: received Vendor ID<BR> payload [Dead Peer
Detection]<BR>Jan 1 06:03:17 pluto[9574]: packet from 111.243.158.170:500:
received Vendor ID<BR> payload [RFC 3947] method set to=109<BR>Jan 1
06:03:17 pluto[9574]: packet from 111.243.158.170:500: received Vendor
ID<BR> payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using
method 109<BR>Jan 1 06:03:17 pluto[9574]: packet from 111.243.158.170:500:
received Vendor ID<BR> payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106,
but already using method 10<BR>9<BR>Jan 1 06:03:17 pluto[9574]: packet
from 111.243.158.170:500: received Vendor ID<BR> payload
[draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method
109<BR>Jan 1 06:03:17 pluto[9574]: packet from 111.243.158.170:500:
received Vendor ID<BR> payload [draft-ietf-ipsec-nat-t-ike-00]<BR>Jan
1 06:03:17 pluto[9574]: "sample" #3: responding to Main Mode<BR>Jan 1
06:03:17 pluto[9574]: "sample" #3: transition from state STATE_MAIN_R0
to<BR> state STATE_MAIN_R1<BR>Jan 1 06:03:17 pluto[9574]: "sample"
#3: STATE_MAIN_R1: sent MR1, expecting MI2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 06:03:17 pluto[9574]:
"sample" #3: NAT-Traversal: Result using RFC 3947 (<BR>NAT-Traversal): no NAT
detected<BR>Jan 1 06:03:18 pluto[9574]: "sample" #3: transition from state
STATE_MAIN_R1 to<BR> state STATE_MAIN_R2<BR>Jan 1 06:03:18
pluto[9574]: "sample" #3: STATE_MAIN_R2: sent MR2, expecting MI3</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Jan 1 06:03:18 pluto[9574]:
"sample" #3: Main mode peer ID is ID_IPV4_ADDR:
'11<BR>1.243.158.170'<BR>Jan 1 06:03:18 pluto[9574]: "sample" #3:
transition from state STATE_MAIN_R2 to<BR> state STATE_MAIN_R3<BR>Jan
1 06:03:18 pluto[9574]: "sample" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA
est<BR>ablished {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_md5 gr<BR>oup=modp1024}<BR>Jan 1 06:03:18 pluto[9574]: "sample"
#3: the peer proposed: 192.168.1.0/24:0/0<BR>->
192.168.2.0/24:0/0<BR>Jan 1 06:03:18 pluto[9574]: "sample" #4: responding
to Quick Mode proposal {msg<BR>id:89a57974}<BR>Jan 1 06:03:18 pluto[9574]:
"sample" #4: us:
192.168.1.0/24===111.243.150.2<BR>51<111.243.150.251>[+S=C]<BR>Jan 1
06:03:18 pluto[9574]: "sample" #4: them:
111.243.158.170<111.243.158.17<BR>0>[+S=C]===192.168.2.0/24<BR>Jan 1
06:03:18 pluto[9574]: "sample" #4: keeping refhim=1 during rekey<BR>Jan 1
06:03:18 pluto[9574]: "sample" #4: transition from state STATE_QUICK_R0 t<BR>o
state STATE_QUICK_R1<BR>Jan 1 06:03:18 pluto[9574]: "sample" #4:
STATE_QUICK_R1: sent QR1, inbound IPse<BR>c SA installed, expecting
QI2<BR>Jan 1 06:03:18 pluto[9574]: "sample" #4: transition from state
STATE_QUICK_R1 t<BR>o state STATE_QUICK_R2<BR>Jan 1 06:03:18 pluto[9574]:
"sample" #4: STATE_QUICK_R2: IPsec SA established t<BR>unnel mode
{ESP=>0x5df646a9 <0xdf3fceea xfrm=3DES_0-HMAC_MD5
IPCOMP=>0x0000d84c<BR><0x0000cf2f NATOA=none NATD=none
DPD=none}</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>Openswan 2.6.37<BR># ipsec whack
--status<BR>000 using kernel interface: klips<BR>000 interface ipsec0/ppp0
111.243.150.251<BR>000 interface ipsec0/ppp0 111.243.150.251<BR>000 %myid =
(none)<BR>000 debug none<BR>000<BR>000 virtual_private (%priv):<BR>000 - allowed
2 subnets: 192.168.1.0/24, 192.168.2.0/24<BR>000 - disallowed 0 subnets:<BR>000
WARNING: Disallowed subnets in virtual_private= is empty. If you
have<BR>000 private
address space in internal use, it should be excluded!<BR>000<BR>000 algorithm
ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192,
keysiz<BR>emax=192<BR>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128,
keysizemin=128, keysi<BR>zemax=256<BR>000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,<BR> keysizemax=128<BR>000
algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160<BR>, keysizemax=160<BR>000 algorithm ESP auth attr: id=9,
name=AUTH_ALGORITHM_AES_CBC, keysizemin=128,<BR>keysizemax=128<BR>000<BR>000
algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=19<BR>2<BR>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC,
blocksize=16, keydeflen=12<BR>8<BR>000 algorithm IKE hash: id=1,
name=OAKLEY_MD5, hashsize=16<BR>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1,
hashsize=20<BR>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024,
bits=1024<BR>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536,
bits=1536<BR>000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048,
bits=2048<BR>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072,
bits=3072<BR>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096,
bits=4096<BR>000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144,
bits=6144<BR>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
bits=8192<BR>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22,
bits=1024<BR>000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23,
bits=2048<BR>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24,
bits=2048<BR>000<BR>000 stats db_ops: {curr_cnt, total_cnt, maxsz}
:context={0,2,36} trans={0,2,180}<BR> attrs={0,2,240}<BR>000<BR>000
"sample":
192.168.1.0/24===111.243.150.251<111.243.150.251>[+S=C]...111.243.<BR>158.170<111.243.158.170>[+S=C]===192.168.2.0/24;
erouted; eroute owner: #4<BR>000 "sample": myip=unset;
hisip=unset;<BR>000 "sample": ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_f<BR>uzz: 100%; keyingtries: 0<BR>000
"sample": policy:
PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK<BR>+lKOD+rKOD; prio:
24,24; interface: ppp0;<BR>000 "sample": newest ISAKMP SA: #3;
newest IPsec SA: #4;<BR>000 "sample": newest ISAKMP SA: #3; newest
IPsec SA: #4;<BR>lags=-strict<BR>000 "sample": IKE algorithms
found: 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)<BR>000 "sample":
IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024<BR>000 "sample": ESP
algorithms wanted: 3DES(3)_000-MD5(1)_000; flags=-strict<BR>000
"sample": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128<BR>000
"sample": ESP algorithm newest: 3DES_000-HMAC_MD5;
pfsgroup=<Phase1><BR>000<BR>000 #2: "sample":500 STATE_QUICK_I2 (sent QI2,
IPsec SA established); EVENT_SA_R<BR>EPLACE in 25529s; isakmp#1; idle;
import:admin initiate<BR>000 #2: "sample" <A
href="mailto:esp.5df646a8@111.243.158.170">esp.5df646a8@111.243.158.170</A> <A
href="mailto:esp.df3fcee9@111.243.150.251">esp.df3fcee9@111.243.150.251</A>
comp.<BR><A href="mailto:d84b@111.243.158.170">d84b@111.243.158.170</A> <A
href="mailto:comp.cf2e@111.243.150.251">comp.cf2e@111.243.150.251</A> <A
href="mailto:tun.1001@111.243.158.170">tun.1001@111.243.158.170</A>
tun.1002<BR>@111.243.150.251 ref=4 refhim=1<BR>000 #1: "sample":500
STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in<BR>462s;
lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate<BR>000 #4: "sample":500
STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in<BR>26094s; newest
IPSEC; eroute owner; isakmp#3; idle; import:not set<BR>000 #4: "sample" used 53s
ago; <A
href="mailto:esp.5df646a9@111.243.158.170">esp.5df646a9@111.243.158.170</A> <A
href="mailto:esp.df3fceea@111.243">esp.df3fceea@111.243</A><BR>.150.251 <A
href="mailto:comp.d84c@111.243.158.170">comp.d84c@111.243.158.170</A> <A
href="mailto:comp.cf2f@111.243.150.251">comp.cf2f@111.243.150.251</A> <A
href="mailto:tun.1004@111.243.15">tun.1004@111.243.15</A><BR>8.170 <A
href="mailto:tun.1003@111.243.150.251">tun.1003@111.243.150.251</A> ref=7
refhim=1<BR>000 #3: "sample":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_R<BR>EPLACE in 894s; newest ISAKMP; lastdpd=-1s(seq in:0
out:0); idle; import:not set</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana>000<BR>#</FONT></DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana></FONT> </DIV>
<DIV><FONT color=#0000ff size=2 face=Verdana> </DIV>
<DIV><BR></DIV></FONT></BODY></HTML>