D-Link DFL-860 Product Manual - Page 420
Explanation of Above Values, Step 8. Client Sends a List of Supported Algorithms
UPC - 790069900204
View all D-Link DFL-860 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 420 highlights
9.4.5. Troubleshooting with ikesnoop Chapter 9. VPN Key length : 128 Authentication algorithm : HMAC-MD5 SA life type : Seconds SA life duration : 21600 SA life type : Kilobytes SA life duration : 50000 Encapsulation mode : Tunnel Transform 4/4 Transform ID : Blowfish Key length : 128 Authentication algorithm : HMAC-SHA-1 SA life type : Seconds SA life duration : 21600 SA life type : Kilobytes SA life duration : 50000 Encapsulation mode : Tunnel NONCE (Nonce) Payload data length : 16 bytes ID (Identification) Payload data length : 8 bytes ID : ipv4(any:0,[0..3]=10.4.2.6) ID (Identification) Payload data length : 12 bytes ID : ipv4_subnet(any:0,[0..7]=10.4.0.0/16) Explanation of Above Values Transform ID: Cipher Key length: Cipher key length Authentication algorithm: HMAC (Hash) Group description: PFS and PFS group SA life type: Seconds or Kilobytes SA life duration: Number seconds or kilobytes Encapsulation mode: Could be transport, tunnel or UDP tunnel (NAT-T) ID: ipv4(any:0,[0..3]=10.4.2.6) Here the first ID is the local network of the tunnel from the client's point of view and the second ID is the remote network. If it contains any netmask it is usually SA per net and otherwise it is SA per host. Step 8. Client Sends a List of Supported Algorithms The server now responds with a matching IPsec proposal from the list sent by the client. As in step 2 above, if no match can be found by the server then a "No proposal chosen" message will be seen, tunnel setup will fail and the ikesnoop command output will stop here. IkeSnoop: Sending IKE packet to 192.168.0.10:500 Exchange type : Quick mode ISAKMP Version : 1.0 Flags : E (encryption) Cookies : 0x6098238b67d97ea6 -> 0x5e347cb76e95a Message ID : 0xaa71428f Packet length : 156 bytes # payloads :5 Payloads: HASH (Hash) Payload data length : 16 bytes SA (Security Association) Payload data length : 56 bytes DOI : 1 (IPsec DOI) Proposal 1/1 Protocol 1/1 420