D-Link DFL-260-IPS-12 Product Manual - Page 418
Step 4. Server Sends Key Exchange Data, Step 5. Client Sends Identification
View all D-Link DFL-260-IPS-12 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 418 highlights
9.4.5. Troubleshooting with ikesnoop NAT-D (NAT Detection) Payload data length : 16 bytes Chapter 9. VPN Step 4. Server Sends Key Exchange Data The Server now sends key exchange data back to the client. IkeSnoop: Sending IKE packet to 192.168.0.10:500 Exchange type : Identity Protection (main mode) ISAKMP Version : 1.0 Flags : Cookies : 0x6098238b67d97ea6 -> 0x5e347cb76e95a Message ID : 0x00000000 Packet length : 220 bytes # payloads :4 Payloads: KE (Key Exchange) Payload data length : 128 bytes NONCE (Nonce) Payload data length : 16 bytes NAT-D (NAT Detection) Payload data length : 16 bytes NAT-D (NAT Detection) Payload data length : 16 bytes Step 5. Client Sends Identification The initiator sends the identification which is normally an IP address or the Subject Alternative Name if certificates are used. IkeSnoop: Received IKE packet from 192.168.0.10:500 Exchange type : Identity Protection (main mode) ISAKMP Version : 1.0 Flags : E (encryption) Cookies : 0x6098238b67d97ea6 -> 0x5e347cb76e95a Message ID : 0x00000000 Packet length : 72 bytes # payloads :3 Payloads: ID (Identification) Payload data length : 8 bytes ID : ipv4(any:0,[0..3]=192.168.0.10) HASH (Hash) Payload data length : 16 bytes N (Notification) Payload data length : 8 bytes Protocol ID : ISAKMP Notification : Initial contact Explanation of Above Values Flags: E means encryption (it is the only flag used). ID: Identification of the client The Notification field is given as Initial Contact to indicate this is not a re-key. 418