David Beder [MSFT]
Guest
It looks like your policy truly doesn't have a matching filter that allows
it to do IPSec back to the requesting peer. What does your policy currently
look like?

As for a snap-shot of an end-to-end negotiation, would you like one for
Kerb, Cert, or psk?

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

"Paul" <(E-Mail Removed)> wrote in message
news:0aed01c3d476$ae809e40$(E-Mail Removed)...
> First off, I tried my best to choose the most
> appropriate NewsGroup for this question, but
> if there are better choices, please let me know.
>
> Can anyone forward me a snapshot of their
> oakley.log during a successful negotiation?
> Of course feel free to modify anything to secure yourself.
>
> I'm stuck on Oakley negotiations.
>
> Here's what repeats in my log.
> I'm pretty sure it's an "Exemption" filter,
> but I tried removing them and still had no luck.
>
> 12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000 from 68.227.86.101.500
> 12-30: 21:08:01:859:fcc ISAKMP Header: (V1.0), len = 292
> 12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44
> 12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000
> 12-30: 21:08:01:859:fcc exchange: Oakley Main Mode
> 12-30: 21:08:01:859:fcc flags: 0
> 12-30: 21:08:01:859:fcc next payload: SA
> 12-30: 21:08:01:859:fcc message ID: 00000000
> 12-30: 21:08:01:859:fcc Filter to match: Src 68.227.86.101 Dst 192.168.23.132
> 12-30: 21:08:01:859:fcc MatchMMFilter failed 13013
> 12-30: 21:08:01:859:fcc Responding with new SA 0
> 12-30: 21:08:01:859:fcc HandleFirstPacketResponder failed 3601
>
> There are two NAT boxes in between the two
> hosts (W2K SP3 + NAT-T update + 128-bit encryption pack;
> and a Windows Server 2003 Standard Edition)
>
> I would expect the first IKE packet from the initiator
> to say "hey, do you support NAT-T?", then I would expect
> from the responder "Yes, I support NAT-T, let's go to
> port 4500 instead of 500, negotiate NAT-OA and NAT-D,
> etc., etc., etc.,"
>
> But what I seem to get is a rejected first packet.
> I searched on "MatchMMFilter failed 13013" but got nothing!
>
> It would be nice to see a working example of an entire
> Main Mode IKE negotiation.
>
> Thanks,
>
> paul.
>
> ps. If anyone has a list of IPSec resources (URLs,
> Newsgroups, etc) they can recommend, I'd appreciate it.
Guest
I'd like the Cert snap-shot please. I'm playing with one of the default
policies and making some progress. Boy, this is not simple. It's like
threading a needle.

>-----Original Message-----
>It looks like your policy truly doesn't have a matching filter that allows
>it to do IPSec back to the requesting peer. What does your policy currently
>look like?
>
>As for a snap-shot of an end-to-end negotiation, would you like one for
>Kerb, Cert, or psk?
>
>--
>David
>Microsoft Windows Networking
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>"Paul" <(E-Mail Removed)> wrote in message
>news:0aed01c3d476$ae809e40$(E-Mail Removed)...
>> First off, I tried my best to choose the most
>> appropriate NewsGroup for this question, but
>> if there are better choices, please let me know.
>>
>> Can anyone forward me a snapshot of their
>> oakley.log during a successful negotiation?
>> Of course feel free to modify anything to secure yourself.
>>
>> I'm stuck on Oakley negotiations.
>>
>> Here's what repeats in my log.
>> I'm pretty sure it's an "Exemption" filter,
>> but I tried removing them and still had no luck.
>>
>> 12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000 from 68.227.86.101.500
>> 12-30: 21:08:01:859:fcc ISAKMP Header: (V1.0), len = 292
>> 12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44
>> 12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000
>> 12-30: 21:08:01:859:fcc exchange: Oakley Main Mode
>> 12-30: 21:08:01:859:fcc flags: 0
>> 12-30: 21:08:01:859:fcc next payload: SA
>> 12-30: 21:08:01:859:fcc message ID: 00000000
>> 12-30: 21:08:01:859:fcc Filter to match: Src 68.227.86.101 Dst 192.168.23.132
>> 12-30: 21:08:01:859:fcc MatchMMFilter failed 13013
>> 12-30: 21:08:01:859:fcc Responding with new SA 0
>> 12-30: 21:08:01:859:fcc HandleFirstPacketResponder failed 3601
>>
>> There are two NAT boxes in between the two
>> hosts (W2K SP3 + NAT-T update + 128-bit encryption pack;
>> and a Windows Server 2003 Standard Edition)
>>
>> I would expect the first IKE packet from the initiator
>> to say "hey, do you support NAT-T?", then I would expect
>> from the responder "Yes, I support NAT-T, let's go to
>> port 4500 instead of 500, negotiate NAT-OA and NAT-D,
>> etc., etc., etc.,"
>>
>> But what I seem to get is a rejected first packet.
>> I searched on "MatchMMFilter failed 13013" but got nothing!
>>
>> It would be nice to see a working example of an entire
>> Main Mode IKE negotiation.
>>
>> Thanks,
>>
>> paul.
>>
>> ps. If anyone has a list of IPSec resources (URLs,
>> Newsgroups, etc) they can recommend, I'd appreciate it.
David Beder [MSFT]
Guest
Reposting as I'm not seeing my reply showing up...
Here's a sample kerb negotiation:

1-20: 18:51:50:834:614 Acquire from driver: op=00000033 src=a.b.c.d.0 dst=e.f.g.h.0 proto = 0, SrcMask=0.0.0.0, DstMask=255.255.0.0, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0
1-20: 18:51:50:834:ee4 Filter to match: Src e.f.g.h Dst a.b.c.d
1-20: 18:51:50:834:ee4 MM PolicyName: 1
1-20: 18:51:50:834:ee4 MMPolicy dwFlags 2 SoftSAExpireTime 7200
1-20: 18:51:50:834:ee4 MMOffer[0] LifetimeSec 7200 QMLimit 0 DHGroup 2
1-20: 18:51:50:834:ee4 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
1-20: 18:51:50:834:ee4 MMOffer[1] LifetimeSec 7200 QMLimit 0 DHGroup 2
1-20: 18:51:50:834:ee4 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
1-20: 18:51:50:834:ee4 MMOffer[2] LifetimeSec 7200 QMLimit 0 DHGroup 1
1-20: 18:51:50:834:ee4 MMOffer[2] Encrypt: DES CBC Hash: SHA
1-20: 18:51:50:834:ee4 MMOffer[3] LifetimeSec 7200 QMLimit 0 DHGroup 1
1-20: 18:51:50:834:ee4 MMOffer[3] Encrypt: DES CBC Hash: MD5
1-20: 18:51:50:834:ee4 Auth[0]:Kerberos
1-20: 18:51:50:834:ee4 QM PolicyName: Test Security dwFlags 4
1-20: 18:51:50:834:ee4 QMOffer[0] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:51:50:834:ee4 QMOffer[1] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[1] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
1-20: 18:51:50:834:ee4 QMOffer[2] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[2] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: AH Algo: SHA
1-20: 18:51:50:834:ee4 QMOffer[3] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[3] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: AH Algo: MD5
1-20: 18:51:50:834:ee4 QMOffer[4] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[4] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
1-20: 18:51:50:834:ee4 QMOffer[5] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[5] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
1-20: 18:51:50:834:ee4 QMOffer[6] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[6] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
1-20: 18:51:50:834:ee4 QMOffer[7] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:50:834:ee4 QMOffer[7] dwFlags 0 dwPFSGroup 0
1-20: 18:51:50:834:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
1-20: 18:51:50:834:ee4 Starting Negotiation: src = a.b.c.d.0500, dst = e.f.g.h.0500, proto = 00, context = 00000033, ProxySrc = a.b.c.d.0000, ProxyDst = e.f.g.h.0000 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
1-20: 18:51:50:834:ee4 constructing ISAKMP Header
1-20: 18:51:50:834:ee4 constructing SA (ISAKMP)
1-20: 18:51:50:834:ee4 Constructing Vendor MS NT5 ISAKMPOAKLEY
1-20: 18:51:50:834:ee4 Constructing Vendor FRAGMENTATION
1-20: 18:51:50:834:ee4 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
1-20: 18:51:50:834:ee4 Constructing Vendor Vid-Initial-Contact
1-20: 18:51:50:834:ee4
1-20: 18:51:50:834:ee4 Sending: SA = 0x019A57D0 to e.f.g.h:Type 2.500
1-20: 18:51:50:834:ee4 ISAKMP Header: (V1.0), len = 708
1-20: 18:51:50:834:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:50:834:ee4 R-COOKIE 0000000000000000
1-20: 18:51:50:834:ee4 exchange: Oakley Main Mode
1-20: 18:51:50:834:ee4 flags: 0
1-20: 18:51:50:834:ee4 next payload: SA
1-20: 18:51:50:834:ee4 message ID: 00000000
1-20: 18:51:50:834:ee4 Ports S:f401 D:f401
1-20: 18:51:50:834:ee4
1-20: 18:51:50:834:ee4 Receive: (get) SA = 0x019a57d0 from e.f.g.h.500
1-20: 18:51:50:834:ee4 ISAKMP Header: (V1.0), len = 228
1-20: 18:51:50:834:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:50:834:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:50:834:ee4 exchange: Oakley Main Mode
1-20: 18:51:50:834:ee4 flags: 0
1-20: 18:51:50:834:ee4 next payload: SA
1-20: 18:51:50:834:ee4 message ID: 00000000
1-20: 18:51:50:834:ee4 processing payload SA
1-20: 18:51:50:834:ee4 Received Phase 1 Transform 1
1-20: 18:51:50:834:ee4 Encryption Alg Triple DES CBC(5)
1-20: 18:51:50:834:ee4 Hash Alg SHA(2)
1-20: 18:51:50:834:ee4 Oakley Group 2
1-20: 18:51:50:834:ee4 Auth Method Kerberos (GSSAPI)(65001)
1-20: 18:51:50:834:ee4 Life type in Seconds
1-20: 18:51:50:834:ee4 Life duration of 7200
1-20: 18:51:50:834:ee4 SSPI len=76
1-20: 18:51:50:834:ee4 Phase 1 SA accepted: transform=1
1-20: 18:51:50:834:ee4 SA - Oakley proposal accepted
1-20: 18:51:50:834:ee4 processing payload VENDOR ID
1-20: 18:51:50:834:ee4 Received VendorId MS NT5 ISAKMPOAKLEY
1-20: 18:51:50:834:ee4 processing payload VENDOR ID
1-20: 18:51:50:834:ee4 Received VendorId FRAGMENTATION
1-20: 18:51:50:834:ee4 processing payload VENDOR ID
1-20: 18:51:50:834:ee4 Received VendorId draft-ietf-ipsec-nat-t-ike-02
1-20: 18:51:50:834:ee4 ClearFragList
1-20: 18:51:50:834:ee4 constructing ISAKMP Header
1-20: 18:51:50:897:ee4 constructing KE
1-20: 18:51:50:897:ee4 constructing NONCE (ISAKMP)
1-20: 18:51:50:897:ee4 constructing SSPI
1-20: 18:51:51:6:ee4 InitializeSecurityContext returned 590610
1-20: 18:51:51:6:ee4 Constructing NatDisc
1-20: 18:51:51:6:ee4
1-20: 18:51:51:6:ee4 Sending: SA = 0x019A57D0 to e.f.g.h:Type 2.500
1-20: 18:51:51:6:ee4 ISAKMP Header: (V1.0), len = 1441
1-20: 18:51:51:6:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:6:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:6:ee4 exchange: Oakley Main Mode
1-20: 18:51:51:6:ee4 flags: 0
1-20: 18:51:51:6:ee4 next payload: KE
1-20: 18:51:51:6:ee4 message ID: 00000000
1-20: 18:51:51:6:ee4 Ports S:f401 D:f401
1-20: 18:51:51:69:ee4
1-20: 18:51:51:69:ee4 Receive: (get) SA = 0x019a57d0 from e.f.g.h.500
1-20: 18:51:51:69:ee4 ISAKMP Header: (V1.0), len = 371
1-20: 18:51:51:69:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:69:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:69:ee4 exchange: Oakley Main Mode
1-20: 18:51:51:69:ee4 flags: 0
1-20: 18:51:51:69:ee4 next payload: KE
1-20: 18:51:51:69:ee4 message ID: 00000000
1-20: 18:51:51:69:ee4 processing payload KE
1-20: 18:51:51:84:ee4 processing payload NONCE
1-20: 18:51:51:84:ee4 processing payload SSPI
1-20: 18:51:51:84:ee4 InitSecCont status 0
1-20: 18:51:51:84:ee4 AUTH - Phase I SSPI authentication accepted
1-20: 18:51:51:84:ee4 processing payload NATDISC
1-20: 18:51:51:84:ee4 Processing NatHash
1-20: 18:51:51:84:ee4 Nat hash 0f5d68e86bb03f336d1464048193b249
1-20: 18:51:51:84:ee4 267a7975
1-20: 18:51:51:84:ee4 SA StateMask2 e
1-20: 18:51:51:84:ee4 processing payload NATDISC
1-20: 18:51:51:84:ee4 Processing NatHash
1-20: 18:51:51:84:ee4 Nat hash 1ae305cf7f23498dc8ab3c88418c6b2f
1-20: 18:51:51:84:ee4 15accf96
1-20: 18:51:51:84:ee4 SA StateMask2 8e
1-20: 18:51:51:84:ee4 ClearFragList
1-20: 18:51:51:84:ee4 constructing ISAKMP Header
1-20: 18:51:51:84:ee4 constructing ID
1-20: 18:51:51:84:ee4 MM ID Type 1
1-20: 18:51:51:84:ee4 MM ID 9d3b8d75
1-20: 18:51:51:84:ee4 constructing HASH
1-20: 18:51:51:84:ee4
1-20: 18:51:51:84:ee4 Sending: SA = 0x019A57D0 to e.f.g.h:Type 2.500
1-20: 18:51:51:84:ee4 ISAKMP Header: (V1.0), len = 116
1-20: 18:51:51:84:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:84:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:84:ee4 exchange: Oakley Main Mode
1-20: 18:51:51:84:ee4 flags: 1 ( encrypted )
1-20: 18:51:51:84:ee4 next payload: ID
1-20: 18:51:51:84:ee4 message ID: 00000000
1-20: 18:51:51:84:ee4 Ports S:f401 D:f401
1-20: 18:51:51:84:ee4
1-20: 18:51:51:84:ee4 Receive: (get) SA = 0x019a57d0 from e.f.g.h.500
1-20: 18:51:51:84:ee4 ISAKMP Header: (V1.0), len = 116
1-20: 18:51:51:84:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:84:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:84:ee4 exchange: Oakley Main Mode
1-20: 18:51:51:84:ee4 flags: 1 ( encrypted )
1-20: 18:51:51:84:ee4 next payload: ID
1-20: 18:51:51:84:ee4 message ID: 00000000
1-20: 18:51:51:84:ee4 processing payload ID
1-20: 18:51:51:84:ee4 processing payload HASH
1-20: 18:51:51:84:ee4 AUTH: Phase I authentication accepted
1-20: 18:51:51:84:ee4 ClearFragList
1-20: 18:51:51:84:ee4 MM established. SA: 019A57D0
1-20: 18:51:51:84:ee4 Peer KerbID test1$@test.test
1-20: 18:51:51:84:ee4 QM PolicyName: Test Security dwFlags 4
1-20: 18:51:51:84:ee4 QMOffer[0] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:51:51:84:ee4 QMOffer[1] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[1] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
1-20: 18:51:51:84:ee4 QMOffer[2] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[2] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: AH Algo: SHA
1-20: 18:51:51:84:ee4 QMOffer[3] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[3] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: AH Algo: MD5
1-20: 18:51:51:84:ee4 QMOffer[4] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[4] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
1-20: 18:51:51:84:ee4 QMOffer[5] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[5] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
1-20: 18:51:51:84:ee4 QMOffer[6] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[6] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
1-20: 18:51:51:84:ee4 QMOffer[7] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:51:51:84:ee4 QMOffer[7] dwFlags 0 dwPFSGroup 0
1-20: 18:51:51:84:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
1-20: 18:51:51:84:ee4 GetSpi: src = e.f.g.h.0000, dst = a.b.c.d.0000, proto = 00, context = 00000033, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
1-20: 18:51:51:84:ee4 Setting SPI 593726832
1-20: 18:51:51:84:ee4 constructing ISAKMP Header
1-20: 18:51:51:84:ee4 constructing HASH (null)
1-20: 18:51:51:84:ee4 constructing SA (IPSEC)
1-20: 18:51:51:84:ee4 constructing NONCE (IPSEC)
1-20: 18:51:51:84:ee4 constructing ID (proxy)
1-20: 18:51:51:84:ee4 constructing ID (proxy)
1-20: 18:51:51:84:ee4 constructing HASH (QM)
1-20: 18:51:51:84:ee4
1-20: 18:51:51:84:ee4 Sending: SA = 0x019A57D0 to e.f.g.h:Type 2.500
1-20: 18:51:51:84:ee4 ISAKMP Header: (V1.0), len = 468
1-20: 18:51:51:84:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:84:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:84:ee4 exchange: Oakley Quick Mode
1-20: 18:51:51:84:ee4 flags: 1 ( encrypted )
1-20: 18:51:51:84:ee4 next payload: HASH
1-20: 18:51:51:84:ee4 message ID: bb897bd1
1-20: 18:51:51:84:ee4 Ports S:f401 D:f401
1-20: 18:51:51:100:ee4
1-20: 18:51:51:100:ee4 Receive: (get) SA = 0x019a57d0 from e.f.g.h.500
1-20: 18:51:51:100:ee4 ISAKMP Header: (V1.0), len = 164
1-20: 18:51:51:100:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:100:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:100:ee4 exchange: Oakley Quick Mode
1-20: 18:51:51:100:ee4 flags: 3 ( encrypted commit )
1-20: 18:51:51:100:ee4 next payload: HASH
1-20: 18:51:51:100:ee4 message ID: bb897bd1
1-20: 18:51:51:100:ee4 processing HASH (QM)
1-20: 18:51:51:100:ee4 ClearFragList
1-20: 18:51:51:100:ee4 processing payload NONCE
1-20: 18:51:51:100:ee4 processing payload ID
1-20: 18:51:51:100:ee4 processing payload ID
1-20: 18:51:51:100:ee4 processing payload SA
1-20: 18:51:51:100:ee4 Negotiated Proxy ID: Src a.b.c.d.0 Dst e.f.g.h.0
1-20: 18:51:51:100:ee4 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
1-20: 18:51:51:100:ee4 Checking Transform # 1: ID=NULL DES(11)
1-20: 18:51:51:100:ee4 SA life type in seconds
1-20: 18:51:51:100:ee4 SA life duration 00000e10
1-20: 18:51:51:100:ee4 SA life type in kilobytes
1-20: 18:51:51:100:ee4 SA life duration 0369d036
1-20: 18:51:51:100:ee4 tunnel mode is Transport Mode(2)
1-20: 18:51:51:100:ee4 HMAC algorithm is SHA(2)
1-20: 18:51:51:100:ee4 Phase 2 SA accepted: proposal=1 transform=1
1-20: 18:51:51:100:ee4 constructing ISAKMP Header
1-20: 18:51:51:100:ee4 constructing HASH (QM)
1-20: 18:51:51:100:ee4 Adding QMs: src = a.b.c.d.0000, dst = e.f.g.h.0000, proto = 00, context = 00000033, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 57266230 dwFlags 0 Direction 2 EncapType 1
1-20: 18:51:51:100:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:51:51:100:ee4 Algo[0] MySpi: 593726832 PeerSpi: 4143305975
1-20: 18:51:51:100:ee4 Encap Ports Src 500 Dst 500
1-20: 18:51:51:100:ee4 Skipping Outbound SA add
1-20: 18:51:51:100:ee4
1-20: 18:51:51:100:ee4 Sending: SA = 0x019A57D0 to e.f.g.h:Type 2.500
1-20: 18:51:51:100:ee4 ISAKMP Header: (V1.0), len = 52
1-20: 18:51:51:100:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:100:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:100:ee4 exchange: Oakley Quick Mode
1-20: 18:51:51:100:ee4 flags: 3 ( encrypted commit )
1-20: 18:51:51:100:ee4 next payload: HASH
1-20: 18:51:51:100:ee4 message ID: bb897bd1
1-20: 18:51:51:100:ee4 Ports S:f401 D:f401
1-20: 18:51:51:100:ee4
1-20: 18:51:51:100:ee4 Receive: (get) SA = 0x019a57d0 from e.f.g.h.500
1-20: 18:51:51:100:ee4 ISAKMP Header: (V1.0), len = 84
1-20: 18:51:51:100:ee4 I-COOKIE 378b9e9cefc5baf5
1-20: 18:51:51:100:ee4 R-COOKIE 4713587259605c52
1-20: 18:51:51:100:ee4 exchange: Oakley Quick Mode
1-20: 18:51:51:100:ee4 flags: 3 ( encrypted commit )
1-20: 18:51:51:100:ee4 next payload: HASH
1-20: 18:51:51:100:ee4 message ID: bb897bd1
1-20: 18:51:51:100:ee4 processing HASH (Notify/Delete)
1-20: 18:51:51:100:ee4 ClearFragList
1-20: 18:51:51:100:ee4 processing payload NOTIFY
1-20: 18:51:51:100:ee4 Adding QMs: src = a.b.c.d.0000, dst = e.f.g.h.0000, proto = 00, context = 00000033, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 57266230 dwFlags 0 Direction 3 EncapType 1
1-20: 18:51:51:100:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:51:51:100:ee4 Algo[0] MySpi: 593726832 PeerSpi: 4143305975
1-20: 18:51:51:100:ee4 Encap Ports Src 500 Dst 500
1-20: 18:51:51:100:ee4 Skipping Inbound SA add
1-20: 18:51:51:100:ee4 Peer KerbID test1$@test.test
1-20: 18:51:51:100:ee4 isadb_set_status sa:019A57D0 centry:000E5520 status 0
1-20: 18:51:51:100:ee4 CE Dead. sa:019A57D0 ce:000E5520 status:0

Here's a sample Cert negotiation:

1-20: 18:30:25:127:614 Acquire from driver: op=0000002D src=a.b.c.d.0 dst=e.f.g.h.0 proto = 0, SrcMask=0.0.0.0, DstMask=255.255.0.0, Tunnel 0, TunnelEndpt=0.0.0.0 Inbound TunnelEndpt=0.0.0.0
1-20: 18:30:25:127:ee4 Filter to match: Src e.f.g.h Dst a.b.c.d
1-20: 18:30:25:127:ee4 MM PolicyName: 1
1-20: 18:30:25:142:ee4 MMPolicy dwFlags 2 SoftSAExpireTime 7200
1-20: 18:30:25:142:ee4 MMOffer[0] LifetimeSec 7200 QMLimit 0 DHGroup 2
1-20: 18:30:25:142:ee4 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
1-20: 18:30:25:142:ee4 MMOffer[1] LifetimeSec 7200 QMLimit 0 DHGroup 2
1-20: 18:30:25:142:ee4 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
1-20: 18:30:25:142:ee4 MMOffer[2] LifetimeSec 7200 QMLimit 0 DHGroup 1
1-20: 18:30:25:142:ee4 MMOffer[2] Encrypt: DES CBC Hash: SHA
1-20: 18:30:25:142:ee4 MMOffer[3] LifetimeSec 7200 QMLimit 0 DHGroup 1
1-20: 18:30:25:142:ee4 MMOffer[3] Encrypt: DES CBC Hash: MD5
1-20: 18:30:25:142:ee4 Auth[0]:Kerberos
1-20: 18:30:25:142:ee4 Auth[1]:RSA Sig O=Test, CN=Test Root CA AuthFlags 0
1-20: 18:30:25:142:ee4 Auth[2]:RSA Sig C=US, O=Test, OU=Test, CN=Test SA Root CA AuthFlags 0
1-20: 18:30:25:142:ee4 Auth[3]:RSA Sig E=(E-Mail Removed), C=US, S=WA, L=Redmond, O=Test, OU=Test, CN=Test Root Authority AuthFlags 0
1-20: 18:30:25:142:ee4 QM PolicyName: Test Security dwFlags 4
1-20: 18:30:25:142:ee4 QMOffer[0] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:30:25:142:ee4 QMOffer[1] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[1] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
1-20: 18:30:25:142:ee4 QMOffer[2] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[2] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: AH Algo: SHA
1-20: 18:30:25:142:ee4 QMOffer[3] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[3] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: AH Algo: MD5
1-20: 18:30:25:142:ee4 QMOffer[4] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[4] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
1-20: 18:30:25:142:ee4 QMOffer[5] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[5] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
1-20: 18:30:25:142:ee4 QMOffer[6] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[6] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
1-20: 18:30:25:142:ee4 QMOffer[7] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:25:142:ee4 QMOffer[7] dwFlags 0 dwPFSGroup 0
1-20: 18:30:25:142:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
1-20: 18:30:25:142:ee4 Starting Negotiation: src = a.b.c.d.0500, dst = e.f.g.h.0500, proto = 00, context = 0000002D, ProxySrc = a.b.c.d.0000, ProxyDst = e.f.g.h.0000 SrcMask = 0.0.0.0 DstMask = 0.0.0.0
1-20: 18:30:25:142:ee4 constructing ISAKMP Header
1-20: 18:30:25:142:ee4 constructing SA (ISAKMP)
1-20: 18:30:25:142:ee4 Constructing Vendor MS NT5 ISAKMPOAKLEY
1-20: 18:30:25:142:ee4 Constructing Vendor FRAGMENTATION
1-20: 18:30:25:142:ee4 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
1-20: 18:30:25:142:ee4 Constructing Vendor Vid-Initial-Contact
1-20: 18:30:25:142:ee4
1-20: 18:30:25:142:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500
1-20: 18:30:25:142:ee4 ISAKMP Header: (V1.0), len = 708
1-20: 18:30:25:142:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:25:142:ee4 R-COOKIE 0000000000000000
1-20: 18:30:25:142:ee4 exchange: Oakley Main Mode
1-20: 18:30:25:142:ee4 flags: 0
1-20: 18:30:25:142:ee4 next payload: SA
1-20: 18:30:25:142:ee4 message ID: 00000000
1-20: 18:30:25:142:ee4 Ports S:f401 D:f401
1-20: 18:30:25:158:ee4
1-20: 18:30:25:158:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500
1-20: 18:30:25:158:ee4 ISAKMP Header: (V1.0), len = 148
1-20: 18:30:25:158:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:25:158:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:25:158:ee4 exchange: Oakley Main Mode
1-20: 18:30:25:158:ee4 flags: 0
1-20: 18:30:25:158:ee4 next payload: SA
1-20: 18:30:25:158:ee4 message ID: 00000000
1-20: 18:30:25:158:ee4 processing payload SA
1-20: 18:30:25:158:ee4 Received Phase 1 Transform 1
1-20: 18:30:25:158:ee4 Encryption Alg Triple DES CBC(5)
1-20: 18:30:25:158:ee4 Hash Alg SHA(2)
1-20: 18:30:25:158:ee4 Oakley Group 2
1-20: 18:30:25:158:ee4 Auth Method RSA Signature with Certificates(3)
1-20: 18:30:25:158:ee4 Life type in Seconds
1-20: 18:30:25:158:ee4 Life duration of 7200
1-20: 18:30:25:158:ee4 Phase 1 SA accepted: transform=1
1-20: 18:30:25:158:ee4 SA - Oakley proposal accepted
1-20: 18:30:25:158:ee4 processing payload VENDOR ID
1-20: 18:30:25:158:ee4 Received VendorId MS NT5 ISAKMPOAKLEY
1-20: 18:30:25:158:ee4 processing payload VENDOR ID
1-20: 18:30:25:158:ee4 Received VendorId FRAGMENTATION
1-20: 18:30:25:158:ee4 processing payload VENDOR ID
1-20: 18:30:25:158:ee4 Received VendorId draft-ietf-ipsec-nat-t-ike-02
1-20: 18:30:25:158:ee4 ClearFragList
1-20: 18:30:25:158:ee4 constructing ISAKMP Header
1-20: 18:30:25:220:ee4 constructing KE
1-20: 18:30:25:220:ee4 constructing NONCE (ISAKMP)
1-20: 18:30:25:220:ee4 Constructing NatDisc
1-20: 18:30:25:220:ee4
1-20: 18:30:25:220:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500
1-20: 18:30:25:220:ee4 ISAKMP Header: (V1.0), len = 232
1-20: 18:30:25:220:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:25:220:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:25:220:ee4 exchange: Oakley Main Mode
1-20: 18:30:25:220:ee4 flags: 0
1-20: 18:30:25:220:ee4 next payload: KE
1-20: 18:30:25:220:ee4 message ID: 00000000
1-20: 18:30:25:220:ee4 Ports S:f401 D:f401
1-20: 18:30:25:343:ee4
1-20: 18:30:25:343:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500
1-20: 18:30:25:343:ee4 ISAKMP Header: (V1.0), len = 392
1-20: 18:30:25:343:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:25:343:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:25:343:ee4 exchange: Oakley Main Mode
1-20: 18:30:25:343:ee4 flags: 0
1-20: 18:30:25:343:ee4 next payload: KE
1-20: 18:30:25:343:ee4 message ID: 00000000
1-20: 18:30:25:343:ee4 processing payload KE
1-20: 18:30:25:359:ee4 processing payload NONCE
1-20: 18:30:25:359:ee4 processing payload CRP
1-20: 18:30:25:359:ee4 C=US, O=Test, OU=Test, CN=Test SA Root CA
1-20: 18:30:25:359:ee4 processing payload CRP
1-20: 18:30:25:359:ee4 O=Test, CN=Test Root CA
1-20: 18:30:25:359:ee4 processing payload NATDISC
1-20: 18:30:25:359:ee4 Processing NatHash
1-20: 18:30:25:359:ee4 Nat hash 952fe721eece32b455361d7d67c48998
1-20: 18:30:25:359:ee4 692c1b30
1-20: 18:30:25:359:ee4 SA StateMask2 e
1-20: 18:30:25:359:ee4 processing payload NATDISC
1-20: 18:30:25:359:ee4 Processing NatHash
1-20: 18:30:25:359:ee4 Nat hash ea3945ecaaa892f6e06594e4a2c0da71
1-20: 18:30:25:359:ee4 b8661494
1-20: 18:30:25:359:ee4 SA StateMask2 8e
1-20: 18:30:25:359:ee4 ClearFragList
1-20: 18:30:25:359:ee4 constructing ISAKMP Header
1-20: 18:30:25:359:ee4 constructing ID
1-20: 18:30:25:359:ee4 Looking for IPSec only cert
1-20: 18:30:25:436:ee4 Cert Trustes. 0 100
1-20: 18:30:25:436:ee4 Cert SHA Thumbprint aaaaaaaaaaaa
1-20: 18:30:25:621:ee4 Entered CRL check
1-20: 18:30:25:730:ee4 Left CRL check
1-20: 18:30:25:730:ee4 Cert SHA Thumbprint bbbbbbb
1-20: 18:30:25:730:ee4 SubjectName: DC=Test, DC=Test, OU=Test, OU=Test, CN=Test1
1-20: 18:30:25:730:ee4 Cert Serialnumber ccccccccc
1-20: 18:30:25:730:ee4 Cert SHA Thumbprint ddddddddd
1-20: 18:30:25:730:ee4 SubjectName: DC=Test, DC=Test, OU=Test, OU=Test, CN=Test2
1-20: 18:30:25:730:ee4 Cert Serialnumber eeeeeeee
1-20: 18:30:25:730:ee4 Cert SHA Thumbprint ffffffffff
1-20: 18:30:25:730:ee4 SubjectName: C=US, O=Test, OU=Test, CN=Test Intermediate Subordinate
1-20: 18:30:25:730:ee4 Cert Serialnumber ggggggggg
1-20: 18:30:25:730:ee4 Cert SHA Thumbprint hhhhhhhhhhh
1-20: 18:30:25:730:ee4 SubjectName: C=US, O=Test, OU=Test, CN=Test SA Root CA
1-20: 18:30:25:730:ee4 Cert Serialnumber iiiiiiiiii
1-20: 18:30:25:730:ee4 Cert SHA Thumbprint jjjjjjjjj
1-20: 18:30:25:730:ee4 Not storing My cert chain in SA.
1-20: 18:30:25:730:ee4 MM ID Type 9
1-20: 18:30:25:730:ee4 MM ID kkkkkkkkkkkk
1-20: 18:30:25:730:ee4 constructing CERT
1-20: 18:30:25:730:ee4 Construct SIG
1-20: 18:30:25:730:ee4 Constructing Cert Request
1-20: 18:30:25:730:ee4 O=Test, CN=Test
1-20: 18:30:25:730:ee4 Constructing Cert Request
1-20: 18:30:25:730:ee4 C=US, O=Test, OU=Test, CN=Test SA Root CA
1-20: 18:30:25:730:ee4 Constructing Cert Request
1-20: 18:30:25:730:ee4 E=(E-Mail Removed), C=US, S=WA, L=Redmond, O=Test, OU=Test, CN=Test Root Authority
1-20: 18:30:25:730:ee4
1-20: 18:30:25:730:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500
1-20: 18:30:25:730:ee4 ISAKMP Header: (V1.0), len = 5828
1-20: 18:30:25:730:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:25:730:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:25:730:ee4 exchange: Oakley Main Mode
1-20: 18:30:25:730:ee4 flags: 1 ( encrypted )
1-20: 18:30:25:730:ee4 next payload: ID
1-20: 18:30:25:730:ee4 message ID: 00000000
1-20: 18:30:25:730:ee4 Ports S:f401 D:f401
1-20: 18:30:26:239:ee4
1-20: 18:30:26:239:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500
1-20: 18:30:26:239:ee4 ISAKMP Header: (V1.0), len = 5556
1-20: 18:30:26:239:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:26:239:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:26:239:ee4 exchange: Oakley Main Mode
1-20: 18:30:26:239:ee4 flags: 1 ( encrypted )
1-20: 18:30:26:239:ee4 next payload: ID
1-20: 18:30:26:239:ee4 message ID: 00000000
1-20: 18:30:26:239:ee4 processing payload ID
1-20: 18:30:26:239:ee4 processing payload CERT
1-20: 18:30:26:239:ee4 processing payload SIG
1-20: 18:30:26:239:ee4 Verifying CertStore
1-20: 18:30:26:239:ee4 SubjectName: DC=Test, DC=Test, OU=Test, OU=Test, OU=Test, CN=Test
1-20: 18:30:26:239:ee4 Cert Serialnumber aaaaaaaaa
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint bbbbbbb
1-20: 18:30:26:239:ee4 SubjectName: DC=Test, DC=Test, DC=Test, CN=WTest
1-20: 18:30:26:239:ee4 Cert Serialnumber cccccccc
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint ddddddd
1-20: 18:30:26:239:ee4 SubjectName: C=US, O=Test, OU=Test, CN=Test Intermediate Subordinate
1-20: 18:30:26:239:ee4 Cert Serialnumber eeeeeeee
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint ffffffff
1-20: 18:30:26:239:ee4 Cert Trustes. 0 100
1-20: 18:30:26:239:ee4 SubjectName: DC=Test, DC=Test, OU=Test, OU=Test, OU=Test, CN=Test
1-20: 18:30:26:239:ee4 Cert Serialnumber ggggggg
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint hhhhhh
1-20: 18:30:26:239:ee4 SubjectName: DC=Test, DC=Test, DC=Test, CN=Test
1-20: 18:30:26:239:ee4 Cert Serialnumber iiiiiiiiii
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint jjjjjjjjj
1-20: 18:30:26:239:ee4 SubjectName: C=US, O=Test, OU=Test, CN=Test Intermediate Subordinate
1-20: 18:30:26:239:ee4 Cert Serialnumber aaaaaaaa
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint bbbbbbbb
1-20: 18:30:26:239:ee4 SubjectName: C=US, O=Test, OU=Test, CN=Test SA Root CA
1-20: 18:30:26:239:ee4 Cert Serialnumber cccccccc
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint ddddddd
1-20: 18:30:26:239:ee4 Not storing Peer's cert chain in SA.
1-20: 18:30:26:239:ee4 Cert SHA Thumbprint eeeeeeee
1-20: 18:30:26:239:ee4 Entered CRL check
1-20: 18:30:26:239:ee4 Left CRL check
1-20: 18:30:26:239:ee4 Signature validated
1-20: 18:30:26:239:ee4 ClearFragList
1-20: 18:30:26:239:ee4 MM established. SA: 019A3928
1-20: 18:30:26:270:ee4 QM PolicyName: Test Security dwFlags 4
1-20: 18:30:26:270:ee4 QMOffer[0] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[0] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:30:26:270:ee4 QMOffer[1] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[1] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5
1-20: 18:30:26:270:ee4 QMOffer[2] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[2] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: AH Algo: SHA
1-20: 18:30:26:270:ee4 QMOffer[3] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[3] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: AH Algo: MD5
1-20: 18:30:26:270:ee4 QMOffer[4] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[4] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA
1-20: 18:30:26:270:ee4 QMOffer[5] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[5] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5
1-20: 18:30:26:270:ee4 QMOffer[6] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[6] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA
1-20: 18:30:26:270:ee4 QMOffer[7] LifetimeKBytes 57266230 LifetimeSec 3600
1-20: 18:30:26:270:ee4 QMOffer[7] dwFlags 0 dwPFSGroup 0
1-20: 18:30:26:270:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5
1-20: 18:30:26:270:ee4 GetSpi: src = e.f.g.h.0000, dst = a.b.c.d.0000, proto = 00, context = 0000002D, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0
1-20: 18:30:26:270:ee4 Setting SPI 1762709929
1-20: 18:30:26:270:ee4 constructing ISAKMP Header
1-20: 18:30:26:270:ee4 constructing HASH (null)
1-20: 18:30:26:270:ee4 constructing SA (IPSEC)
1-20: 18:30:26:270:ee4 constructing NONCE (IPSEC)
1-20: 18:30:26:270:ee4 constructing ID (proxy)
1-20: 18:30:26:270:ee4 constructing ID (proxy)
1-20: 18:30:26:270:ee4 constructing HASH (QM)
1-20: 18:30:26:270:ee4
1-20: 18:30:26:270:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500
1-20: 18:30:26:270:ee4 ISAKMP Header: (V1.0), len = 468
1-20: 18:30:26:270:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:26:270:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:26:270:ee4 exchange: Oakley Quick Mode
1-20: 18:30:26:270:ee4 flags: 1 ( encrypted )
1-20: 18:30:26:270:ee4 next payload: HASH
1-20: 18:30:26:270:ee4 message ID: 3e8f41ba
1-20: 18:30:26:270:ee4 Ports S:f401 D:f401
1-20: 18:30:26:270:ee4
1-20: 18:30:26:270:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500
1-20: 18:30:26:270:ee4 ISAKMP Header: (V1.0), len = 164
1-20: 18:30:26:270:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:26:270:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:26:286:ee4 exchange: Oakley Quick Mode
1-20: 18:30:26:286:ee4 flags: 3 ( encrypted commit )
1-20: 18:30:26:286:ee4 next payload: HASH
1-20: 18:30:26:286:ee4 message ID: 3e8f41ba
1-20: 18:30:26:286:ee4 processing HASH (QM)
1-20: 18:30:26:286:ee4 ClearFragList
1-20: 18:30:26:286:ee4 processing payload NONCE
1-20: 18:30:26:286:ee4 processing payload ID
1-20: 18:30:26:286:ee4 processing payload ID
1-20: 18:30:26:286:ee4 processing payload SA
1-20: 18:30:26:286:ee4 Negotiated Proxy ID: Src a.b.c.d.0 Dst e.f.g.h.0
1-20: 18:30:26:286:ee4 Checking Proposal 1: Proto= ESP(3), num trans=1 Next=0
1-20: 18:30:26:286:ee4 Checking Transform # 1: ID=NULL DES(11)
1-20: 18:30:26:286:ee4 SA life type in seconds
1-20: 18:30:26:286:ee4 SA life duration 00000e10
1-20: 18:30:26:286:ee4 SA life type in kilobytes
1-20: 18:30:26:286:ee4 SA life duration 0369d036
1-20: 18:30:26:286:ee4 tunnel mode is Transport Mode(2)
1-20: 18:30:26:286:ee4 HMAC algorithm is SHA(2)
1-20: 18:30:26:286:ee4 Phase 2 SA accepted: proposal=1 transform=1
1-20: 18:30:26:286:ee4 constructing ISAKMP Header
1-20: 18:30:26:286:ee4 constructing HASH (QM)
1-20: 18:30:26:286:ee4 Adding QMs: src = a.b.c.d.0000, dst = e.f.g.h.0000, proto = 00, context = 0000002D, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 57266230 dwFlags 0 Direction 2 EncapType 1
1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20: 18:30:26:286:ee4 Algo[0] MySpi: 1762709929 PeerSpi: 698504243
1-20: 18:30:26:286:ee4 Encap Ports Src 500 Dst 500
1-20: 18:30:26:286:ee4 Skipping Outbound SA add
1-20: 18:30:26:286:ee4
1-20: 18:30:26:286:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500
1-20: 18:30:26:286:ee4 ISAKMP Header: (V1.0), len = 52
1-20: 18:30:26:286:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:26:286:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:26:286:ee4 exchange: Oakley Quick Mode
1-20: 18:30:26:286:ee4 flags: 3 ( encrypted commit )
1-20: 18:30:26:286:ee4 next payload: HASH
1-20: 18:30:26:286:ee4 message ID: 3e8f41ba
1-20: 18:30:26:286:ee4 Ports S:f401 D:f401
1-20: 18:30:26:286:ee4
1-20: 18:30:26:286:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500
1-20: 18:30:26:286:ee4 ISAKMP Header: (V1.0), len = 84
1-20: 18:30:26:286:ee4 I-COOKIE 89457b8aee0b0f8f
1-20: 18:30:26:286:ee4 R-COOKIE d23c71d3c8fe1bf2
1-20: 18:30:26:286:ee4 exchange: Oakley Quick Mode
1-20: 18:30:26:286:ee4 flags: 3 ( encrypted commit )
1-20: 18:30:26:286:ee4 next payload: HASH
1-20: 18:30:26:286:ee4 message ID: 3e8f41ba
1-20: 18:30:26:286:ee4 processing HASH (Notify/Delete)
1-20: 18:30:26:286:ee4 ClearFragList
1-20: 18:30:26:286:ee4 processing payload NOTIFY
1-20: 18:30:26:286:ee4 Adding QMs: src = a.b.c.d.0000, dst = e.f.g.h.0000, proto = 00, context = 0000002D, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 57266230 dwFlags 0 Direction 3 EncapType 1
1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA
1-20:
18:30:26:286:ee4 Algo[0] MySpi: 1762709929 PeerSpi: 698504243 1-20: 18:30:26:286:ee4 Encap Ports Src 500 Dst 500 1-20: 18:30:26:286:ee4 Skipping Inbound SA add 1-20: 18:30:26:286:ee4 isadb_set_status sa:019A3928 centry:000E53E8 status 0 1-20: 18:30:26:286:ee4 CE Dead. sa:019A3928 ce:000E53E8 status:0 1-20: 18:30:26:286:ee4 1-20: 18:30:26:286:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500 1-20: 18:30:26:286:ee4 ISAKMP Header: (V1.0), len = 180 1-20: 18:30:26:286:ee4 I-COOKIE 89457b8aee0b0f8f 1-20: 18:30:26:286:ee4 R-COOKIE d23c71d3c8fe1bf2 1-20: 18:30:26:286:ee4 exchange: Oakley Quick Mode 1-20: 18:30:26:286:ee4 flags: 1 ( encrypted ) 1-20: 18:30:26:286:ee4 next payload: HASH 1-20: 18:30:26:286:ee4 message ID: d0a7e2d7 1-20: 18:30:26:286:ee4 processing HASH (QM) 1-20: 18:30:26:286:ee4 ClearFragList 1-20: 18:30:26:286:ee4 processing payload NONCE 1-20: 18:30:26:286:ee4 processing payload ID 1-20: 18:30:26:286:ee4 processing payload ID 1-20: 18:30:26:286:ee4 processing payload SA 1-20: 18:30:26:286:ee4 Negotiated Proxy ID: Src e.f.g.h.0 Dst a.b.c.d.0 1-20: 18:30:26:286:ee4 Checking Proposal 1: Proto= ESP(3), num trans=2 Next=0 1-20: 18:30:26:286:ee4 Checking Transform # 1: ID=NULL DES(11) 1-20: 18:30:26:286:ee4 tunnel mode is Transport Mode(2) 1-20: 18:30:26:286:ee4 HMAC algorithm is SHA(2) 1-20: 18:30:26:286:ee4 Checking Transform # 2: ID=Triple DES CBC(3) 1-20: 18:30:26:286:ee4 SA life type in seconds 1-20: 18:30:26:286:ee4 SA life duration 00008ca0 1-20: 18:30:26:286:ee4 SA life type in kilobytes 1-20: 18:30:26:286:ee4 SA life duration 000f4240 1-20: 18:30:26:286:ee4 tunnel mode is Transport Mode(2) 1-20: 18:30:26:286:ee4 HMAC algorithm is SHA(2) 1-20: 18:30:26:286:ee4 Finding Responder Policy for SRC=e.f.g.h.0000 DST=a.b.c.d.0000, SRCMask=255.255.255.255, DSTMask=255.255.255.255, Prot=6 InTunnelEndpt 0 OutTunnelEndpt 0 1-20: 18:30:26:286:ee4 QM PolicyName: Test Security dwFlags 4 1-20: 18:30:26:286:ee4 QMOffer[0] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 
18:30:26:286:ee4 QMOffer[0] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA 1-20: 18:30:26:286:ee4 QMOffer[1] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[1] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: MD5 1-20: 18:30:26:286:ee4 QMOffer[2] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[2] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: AH Algo: SHA 1-20: 18:30:26:286:ee4 QMOffer[3] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[3] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: AH Algo: MD5 1-20: 18:30:26:286:ee4 QMOffer[4] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[4] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: SHA 1-20: 18:30:26:286:ee4 QMOffer[5] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[5] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: DES CBC HMAC: MD5 1-20: 18:30:26:286:ee4 QMOffer[6] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[6] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: SHA 1-20: 18:30:26:286:ee4 QMOffer[7] LifetimeKBytes 57266230 LifetimeSec 3600 1-20: 18:30:26:286:ee4 QMOffer[7] dwFlags 0 dwPFSGroup 0 1-20: 18:30:26:286:ee4 Algo[0] Operation: ESP Algo: Triple DES CBC HMAC: MD5 1-20: 18:30:26:286:ee4 Policy too general 1-20: 18:30:26:286:ee4 Phase 2 SA accepted: proposal=1 transform=1 1-20: 18:30:26:286:ee4 Adding default policy for SRC=h.g.f.e.0000 DST=d.c.b.a.0000, SRCMask=ffffffff, DSTMask=ffffffff, Prot=6, TunnelFilter 0, TunnelAddr 0 1-20: 18:30:26:301:ee4 GetSpi: src = e.f.g.h.0000, dst = a.b.c.d.0000, proto = 06, context = 00000000, srcMask = 255.255.255.255, destMask = 255.255.255.255, TunnelFilter 0 1-20: 18:30:26:301:ee4 Setting SPI 
1746025742 1-20: 18:30:26:301:ee4 constructing ISAKMP Header 1-20: 18:30:26:301:ee4 constructing HASH (null) 1-20: 18:30:26:301:ee4 constructing SA (IPSEC) 1-20: 18:30:26:301:ee4 constructing NONCE (IPSEC) 1-20: 18:30:26:301:ee4 constructing ID (proxy) 1-20: 18:30:26:301:ee4 constructing ID (proxy) 1-20: 18:30:26:301:ee4 constructing HASH (QM) 1-20: 18:30:26:301:ee4 1-20: 18:30:26:301:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 2.500 1-20: 18:30:26:301:ee4 ISAKMP Header: (V1.0), len = 140 1-20: 18:30:26:301:ee4 I-COOKIE 89457b8aee0b0f8f 1-20: 18:30:26:301:ee4 R-COOKIE d23c71d3c8fe1bf2 1-20: 18:30:26:301:ee4 exchange: Oakley Quick Mode 1-20: 18:30:26:301:ee4 flags: 3 ( encrypted commit ) 1-20: 18:30:26:301:ee4 next payload: HASH 1-20: 18:30:26:301:ee4 message ID: d0a7e2d7 1-20: 18:30:26:301:ee4 Ports S:f401 D:f401 1-20: 18:30:26:301:ee4 1-20: 18:30:26:301:ee4 Receive: (get) SA = 0x019a3928 from e.f.g.h.500 1-20: 18:30:26:301:ee4 ISAKMP Header: (V1.0), len = 52 1-20: 18:30:26:301:ee4 I-COOKIE 89457b8aee0b0f8f 1-20: 18:30:26:301:ee4 R-COOKIE d23c71d3c8fe1bf2 1-20: 18:30:26:301:ee4 exchange: Oakley Quick Mode 1-20: 18:30:26:301:ee4 flags: 3 ( encrypted commit ) 1-20: 18:30:26:301:ee4 next payload: HASH 1-20: 18:30:26:301:ee4 message ID: d0a7e2d7 1-20: 18:30:26:301:ee4 processing HASH (QM) 1-20: 18:30:26:301:ee4 ClearFragList 1-20: 18:30:26:301:ee4 Adding QMs: src = a.b.c.d.0000, dst = e.f.g.h.0000, proto = 06, context = 0000002E, my tunnel = 0.0.0.0, peer tunnel = 0.0.0.0, SrcMask = 0.0.0.0, DestMask = 0.0.0.0 Lifetime = 3600 LifetimeKBytes 57266230 dwFlags 0 Direction 1 EncapType 1 1-20: 18:30:26:301:ee4 Algo[0] Operation: ESP Algo: NULL DES HMAC: SHA 1-20: 18:30:26:301:ee4 Algo[0] MySpi: 1746025742 PeerSpi: 3057779403 1-20: 18:30:26:301:ee4 Encap Ports Src 500 Dst 500 1-20: 18:30:26:301:ee4 isadb_set_status sa:019A3928 centry:000E5520 status 0 1-20: 18:30:26:301:ee4 Constructing Commit Notify 1-20: 18:30:26:301:ee4 constructing ISAKMP Header 1-20: 18:30:26:301:ee4 
constructing HASH (null) 1-20: 18:30:26:301:ee4 constructing NOTIFY 16384 1-20: 18:30:26:301:ee4 constructing HASH (QM) 1-20: 18:30:26:301:ee4 1-20: 18:30:26:301:ee4 Sending: SA = 0x019A3928 to e.f.g.h:Type 4.500 1-20: 18:30:26:301:ee4 ISAKMP Header: (V1.0), len = 84 1-20: 18:30:26:301:ee4 I-COOKIE 89457b8aee0b0f8f 1-20: 18:30:26:301:ee4 R-COOKIE d23c71d3c8fe1bf2 1-20: 18:30:26:301:ee4 exchange: Oakley Quick Mode 1-20: 18:30:26:301:ee4 flags: 3 ( encrypted commit ) 1-20: 18:30:26:301:ee4 next payload: HASH 1-20: 18:30:26:301:ee4 message ID: d0a7e2d7 1-20: 18:30:26:301:ee4 Ports S:f401 D:f401 -- David Microsoft Windows Networking This posting is provided "AS IS" with no warranties, and confers no rights. <(E-Mail Removed)> wrote in message news:08ea01c3d4e6$a63c6b90$(E-Mail Removed)... > > I'd like the Cert snap-shot please. > > I'm playing with one of the default policies > and making some progress. > > Boy, this is not simple. > It's like treading a needle. > >>-----Original Message----- >>It looks like your policy truly doesn't have a matching > filter that allows >>it to do IPSec back to the requesting peer. What does > your policy currently >>look like? >> >>As for a snap-shot of an end-to-end negotiation, would > you like one for >>Kerb, Cert, or psk? >> >>-- >>David >>Microsoft Windows Networking >>This posting is provided "AS IS" with no warranties, and > confers no rights. >> >>"Paul" <(E-Mail Removed)> wrote in message >>news:0aed01c3d476$ae809e40$(E-Mail Removed)... >>> First off, I tried my best to choose the most >>> appropriate NewsGroup for this question, but >>> if there are better choices, please let me know. >>> >>> Can anyone forward me a snapshot of their >>> oakley.log during a successful negotiation? >>> Of course feel free to modify anything to secure > yourself. >>> >>> I'm stuck on Oakley negotiations. >>> >>> Here's what repeats in my log. >>> I'm pretty sure it's an "Exemption" filter, >>> but I tryed removing them and still had no luck. 
>>> >>> 12-30: 21:08:01:859:fcc Receive: (get) SA = 0x00000000 >>> from 68.227.86.101.500 >>> 12-30: 21:08:01:859:fcc ISAKMP Header: (V1.0), len = 292 >>> 12-30: 21:08:01:859:fcc I-COOKIE e7731123ba0f3a44 >>> 12-30: 21:08:01:859:fcc R-COOKIE 0000000000000000 >>> 12-30: 21:08:01:859:fcc exchange: Oakley Main Mode >>> 12-30: 21:08:01:859:fcc flags: 0 >>> 12-30: 21:08:01:859:fcc next payload: SA >>> 12-30: 21:08:01:859:fcc message ID: 00000000 >>> 12-30: 21:08:01:859:fcc Filter to match: Src > 68.227.86.101 >>> Dst 192.168.23.132 >>> 12-30: 21:08:01:859:fcc MatchMMFilter failed 13013 >>> 12-30: 21:08:01:859:fcc Responding with new SA 0 >>> 12-30: 21:08:01:859:fcc HandleFirstPacketResponder > failed >>> 3601 >>> >>> There's Two NAT boxes in between the two >>> hosts (W2K SP3 + NAT-T update + 128-bit encryption pack; >>> and a Windows Server 2003 Standard Edition) >>> >>> I would expect the first IKE packet from the initiator >>> to say "hey, do you support NAT-T?", then I would expect >>> from the responder "Yes, I support NAT-T, lets got to >>> port 4500 instead of 500, negotiate NAT-OA and NAT-D, >>> etc., etc., etc.," >>> >>> But what I seem to get is a rejected first packet. >>> I search on "MatchMMFilter failed 13013" but got > nothing! >>> >>> It would be nice to see a working example of an entire >>> Main Mode IKE negotiation. >>> >>> Thanks, >>> >>> paul. >>> >>> ps. If anyone has a list of IPSec resources (URLs, >>> Newsroups, etc) they can recommend, I'd appreciate it. >> >> >>. >> |