CentreCOM AR560S Command Reference 2.9

ENABLE ISAKMP DEBUG

Category: IPsec / ISAKMP


ENABLE ISAKMP DEBUG={ALL|DEFAULT|PACKET|PKT|PKTRAW|STATE|TRACE|TRACEMORE}


Enables debug options for the ISAKMP module.



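Parameters

DEBUG: The debug option to enable. Choose from STATE (show ISAKMP state transitions), PACKET or PKT (decode and show ISAKMP messages), PKTRAW (show ISAKMP messages as a hex dump), TRACE (trace ISAKMP processing), TRACEMORE (trace ISAKMP processing in more detail), DEFAULT (same as specifying TRACE, STATE and PACKET) and ALL (everything).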



Input, output and screen examples

SecOff > enable isakmp debug=packet

SecOff > ISAKMP Tx Message
     Cookie's:   f7f11f139bcf2de0:0000000000000000
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 00
     MessageID:  00000000   Total Length: 84
     Payload #:  0  Length: 56  Type: Security Association (SA)
       DOI: IPSEC(0)  Situation: 00000001
         Proposal#: 1  Protocol: ISAKMP(1)  #Trans: 1  SPI:
           Transform#: 1
             Transform Id .................. IKE(1)
             Encryption Algorithm........... DES(1)
             Authentication Algorithm....... SHA(2)
             Authentication Method.......... PRESHARED(1)
             Group Description.............. 768(1)
             Group Type..................... MODP
             Expiry Seconds................. 86400

SecOff > ISAKMP Rx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 00
     MessageID:  00000000   Total Length: 84
     Payload #:  0  Length: 56  Type: Security Association (SA)
       DOI: IPSEC(0)  Situation: 00000001
         Proposal#: 1  Protocol: ISAKMP(1)  #Trans: 1  SPI:
           Transform#: 1
             Transform Id .................. IKE(1)
             Encryption Algorithm........... DES(1)
             Authentication Algorithm....... SHA(2)
             Authentication Method.......... PRESHARED(1)
             Group Description.............. 768(1)
             Group Type..................... MODP
             Expiry Seconds................. 86400
ISAKMP Tx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 00
     MessageID:  00000000   Total Length: 152
     Payload #:  0  Length: 100  Type: Key Exchange (KE)
       2d df 75 56 ed ee 00 6b 11 a6 e0 47 08 b3 77 a0 53 19 68 7f
       34 f5 58 ea b7 a3 b1 0b 32 df 7d 22 85 ae ce 21 5d 80 d1 30
       52 7a c4 fb 74 18 26 d7 13 ad 1b 97 83 fc 81 ea 1b 7c a2 33
       86 3a ce 01 fe f6 50 43 c7 dd 4c f6 78 ce 2a a0 e6 af f8 93
       ee 4e cb d6 fd 78 94 c6 a1 9e 4f 15 b1 d6 21 ff
     Payload #:  1  Length: 24  Type: Nonce (NONCE)
       06 b3 a8 ce 3e 3a 04 d6 d8 16 7b 47 08 50 c9 34 9d 3f 51 82

SecOff > ISAKMP Rx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 00
     MessageID:  00000000   Total Length: 152
     Payload #:  0  Length: 100  Type: Key Exchange (KE)
       bb 81 9f f5 5c 89 4f 41 39 a8 92 74 1c 4b 2f 27 8b 6d 97 35
       42 45 da 93 78 0c 48 81 2a 71 ba 1b 85 cf 9a 9c ed 96 2d e6
       8e 05 c3 fe ca be 2f 95 c0 3c fa cf c5 1d 2b 28 87 71 21 75
       86 79 ad fa c0 1f 3b 0d 87 e0 0c 7d 92 f4 f7 a3 f8 0a fc 5f
       d6 fc d4 b9 05 ae c3 35 f1 27 78 b6 1e 88 98 8a
     Payload #:  1  Length: 24  Type: Nonce (NONCE)
       65 ab 76 d1 57 db 46 36 d8 e3 e0 38 0f 2d d1 d1 c3 5a d9 db
ISAKMP Tx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 00
     MessageID:  00000000   Total Length: 94
     Payload #:  0  Length: 14  Type: Identification (ID)
       Type: FQDN  ProtocolId: 0  Port: 0
       Value: client
     Payload #:  1  Length: 24  Type: Hash (HASH)
       19 96 21 3d 14 4f f1 3f 16 bd 3a ca 2c 8c c3 7c 03 e8 52 f2
     Payload #:  2  Length: 28  Type: Notification (N)
       00 00 00 01 01 10 60 02 f7 f1 1f 13 9b cf 2d e0 59 9d 82 ef
       e4 a0 12 28

SecOff > ISAKMP Rx Message (decrypted)
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  IDPROT(2)  Ver: 10  Flags: 01
     MessageID:  00000000   Total Length: 92
     Payload #:  0  Length: 12  Type: Identification (ID)
       Type: IPV4_ADDR  ProtocolId: 0  Port: 0
       Value: 1.1.1.1
     Payload #:  1  Length: 24  Type: Hash (HASH)
       79 33 1f c5 75 4b 8b 83 0f e9 bf b7 35 81 40 77 4c 34 3d 9a
     Payload #:  2  Length: 28  Type: Notification (N)
       00 00 00 01 01 10 60 02 f7 f1 1f 13 9b cf 2d e0 59 9d 82 ef
       e4 a0 12 28
ISAKMP Tx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  QUICK(32)  Ver: 10  Flags: 00
     MessageID:  7736489b   Total Length: 148
     Payload #:  0  Length: 24  Type: Hash (HASH)
       aa 05 0b be 05 fb 74 2e 93 34 53 d8 fb 39 e0 1e a5 8f 20 42
     Payload #:  1  Length: 40  Type: Security Association (SA)
       DOI: IPSEC(0)  Situation: 00000001
         Proposal#: 1  Protocol: ESP(3)  #Trans: 1  SPI: 3f854d43
           Transform#: 1
             Transform Id .................. DES(2)
             Group Description ............. MODP768(1)
             Encapsulation Mode ............ TUNNEL(1)
             Authentication Algorithm ...... SHA(2)
     Payload #:  2  Length: 24  Type: Nonce (NONCE)
       b6 6b 17 23 d6 f4 04 9d 60 9d a9 84 b9 29 99 d6 5c 05 79 e9
     Payload #:  3  Length: 16  Type: Identification (ID)
       Type: IPV4_ADDR_SUBNET  ProtocolId: 0  Port: 0
       Value: 192.168.20.0:255.255.255.0
     Payload #:  4  Length: 16  Type: Identification (ID)
       Type: IPV4_ADDR_SUBNET  ProtocolId: 0  Port: 0
       Value: 192.168.1.0:255.255.255.0

SecOff > ISAKMP Rx Message (decrypted)
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  QUICK(32)  Ver: 10  Flags: 01
     MessageID:  7736489b   Total Length: 148
     Payload #:  0  Length: 24  Type: Hash (HASH)
       71 d5 87 4e 5c ec 75 fd 1f fc 0c 91 27 a0 70 79 5c 17 9c f7
     Payload #:  1  Length: 40  Type: Security Association (SA)
       DOI: IPSEC(0)  Situation: 00000001
         Proposal#: 1  Protocol: ESP(3)  #Trans: 1  SPI: 58dfdda5
           Transform#: 1
             Transform Id .................. DES(2)
             Group Description ............. MODP768(1)
             Encapsulation Mode ............ TUNNEL(1)
             Authentication Algorithm ...... SHA(2)
     Payload #:  2  Length: 24  Type: Nonce (NONCE)
       e2 bc 6f 0b 49 00 55 70 d2 0d f5 99 fe cc 95 af f9 4b 16 4c
     Payload #:  3  Length: 16  Type: Identification (ID)
       Type: IPV4_ADDR_SUBNET  ProtocolId: 0  Port: 0
       Value: 192.168.20.0:255.255.255.0
     Payload #:  4  Length: 16  Type: Identification (ID)
       Type: IPV4_ADDR_SUBNET  ProtocolId: 0  Port: 0
       Value: 192.168.1.0:255.255.255.0
ISAKMP Tx Message
     Cookie's:   f7f11f139bcf2de0:599d82efe4a01228
     Xchg Type:  QUICK(32)  Ver: 10  Flags: 00
     MessageID:  7736489b   Total Length: 52
     Payload #:  0  Length: 24  Type: Hash (HASH)
       79 2f 7b ec f1 02 d7 0d 49 47 cc 04 ce 7b 95 d4 03 47 da 21


SecOff > enable isakmp debug=state

Info (182057): ISAKMP Debugging has been enabled.

SecOff > ISAKMP MAIN exchange 11: New State: IDLE

ISAKMP MAIN exchange 11: New State: SASENT


SecOff > ISAKMP MAIN exchange 11: New State: SARECV

ISAKMP MAIN exchange 11: New State: KESENT


SecOff > ISAKMP MAIN exchange 11: New State: KERECV

ISAKMP MAIN exchange 11: New State: AUTHSENT


SecOff > ISAKMP MAIN exchange 11: New State: AUTHRECV

ISAKMP MAIN exchange 11: New State: UP


ISAKMP QUICK exchange 12: New State: SENDING_HASH_SA_NONCE

SecOff >
ISAKMP QUICK exchange 12: New State: RECEIVING_MESSAGE

ISAKMP QUICK exchange 12: New State: SENDING_HASH
ISAKMP QUICK exchange 12: New State: DONE


SecOff > enable isakmp debug=trace

Info (182057): ISAKMP Debugging has been enabled.

SecOff > sh pISAKMP: acquire - Create Phase 1 Exchange
ISAKMP MAIN: INIT: xchg 13: Started with peer 1.1.1.1
ISAKMP CORE: Aquire: equivalent acquire request in progress

SecOff > ISAKMP MAIN: INIT: xchg 13: Ni l=20 v=baa95ac53c8b47a16cff9a81fd3df98bf
34c9729
ISAKMP MAIN: INIT: xchg 13: Nr l=20 v=ed3b6400668c47c8361f853e998ff0b4d20a24d5
ISAKMP MAIN: INIT: xchg 13: COOKIE_I l=8 v=b8230e5ecac0212c
ISAKMP MAIN: INIT: xchg 13: COOKIE_R l=8 v=af3b896d8b1b2b76
ISAKMP MAIN: INIT: xchg 13: Key l=8 v=686f6765686f6765
ISAKMP MAIN: INIT: xchg 13: EncKey l=8 v=f20facb52abb3e08
ISAKMP MAIN: INIT: xchg 13: IV l=8 v=bdf0e35f5bb0459f

SecOff > ISAKMP InfoProcess: xchg 13: Rx Notification Message - DOI
ISAKMP MAIN: INIT: xchg 13: RemoteID=IPv4:1.1.1.1
ISAKMP CORE: Exchange 13 done

ISAKMP QUICK: INIT: xchg 14: Started with peer 1.1.1.1
ISAKMP QUICK: INIT: xchg 14: COOKIE_I l=8 v=b8230e5ecac0212c
ISAKMP QUICK: INIT: xchg 14: COOKIE_R l=8 v=af3b896d8b1b2b76
ISAKMP QUICK: INIT: xchg 14: MessageID=57339a70
ISAKMP QUICK: INIT: xchg 14: IV l=8 v=a73675e6799eef15

ISAKMP QI 14: HASH1: ID Payload Created

SecOff > ISAKMP QUICK: INIT: xchg 14: rx msg 1: start
ISAKMP QUICK: INIT: xchg 14: rx msg 1: prop policy done
ISAKMP QUICK: INIT: xchg 14: rx msg 1: TRAN 0,1 attributes good
ISAKMP QUICK: INIT: xchg 14: rx msg 1: TRAN 0,1 match
ISAKMP QUICK: INIT: xchg 14: rx msg 1: prop 0 match
ISAKMP QUICK: INIT: xchg 14: rx msg 1: All proposals matched:  (lpn 1)
ISAKMP QUICK: INIT: xchg 14: rx msg 1: payloads good:
ISAKMP QUICK: INIT: xchg 14: rx msg 1: good
ISAKMP CORE: Exchange 14 done


SecOff > enable isakmp debug=tracemore

Info (182057): ISAKMP Debugging has been enabled.

SecOff > ISAKMP MAIN: INIT: xchg 15: Started with peer 1.1.1.1

ISAKMP: acquire - Queue the acquire struct

ISAKMP: acquire - Queue the acquire struct

SecOff > ISAKMP MAIN: INIT: xchg 15: x l=20 v=dee78c5e6d57a2b091e805d48b5cf4d7b6
2a6e5d
ISAKMP MAIN: INIT: xchg 15: g^x l=96 v=fa431d749ddb3ebada8ef569f9da7960464a8ff7f
59465ee024e0bb130c77f468ad275cbbc62314bd0184a5f0ad9f170894ab56f666510df2bb7946cf
07167605fbaf4634ba8b6ebc7378c1e06c5e9ad5000ffefc8d27904fac1a9131b29b09e
ISAKMP MAIN: INIT: xchg 15: g^y l=96 v=4bafa551598eb94183a7fdbe7deec732404b6330b
0bfc9ee9ad4abb63bfd58f97d3c73320882e33984a4146fad9e29f3e0d17262567f7fe612dfea2b9
7662808a3ef3e868f0482e73ff550e96a39f33ebc9c4a929080529536aa569bb19a8f08
ISAKMP MAIN: INIT: xchg 15: g^xy l=96 v=8c8a03e1564abad8868b40fc7d5bca62a6a79950
405d296d9523d061bfd866da1a2ef286aac69939e6f1516fc5620ee2751420b88a64f86de0041875
feb0ed62a0328a1e2fd7d90e01b42d0c3d315ece5d0167811b3d77dea899b8378edb2a01
ISAKMP MAIN: INIT: xchg 15: Ni l=20 v=8e1eade9adda0c95289025ad0b322520f7c00a93
ISAKMP MAIN: INIT: xchg 15: Nr l=20 v=16e83cf248d4c890bee7ef266cfb82788d83557a
ISAKMP MAIN: INIT: xchg 15: COOKIE_I l=8 v=c7fb026ba87dc835
ISAKMP MAIN: INIT: xchg 15: COOKIE_R l=8 v=649adcdb744a7018
ISAKMP MAIN: INIT: xchg 15: Key l=8 v=686f6765686f6765
ISAKMP MAIN: INIT: xchg 15: SKEYID l=20 v=073f3d19abde74d9a3ab8584c99dc084c97929
e9
ISAKMP MAIN: INIT: xchg 15: SKEYID_d l=20 v=dbdaf57885e0e76e580cf4e696c9c07312c9
3569
ISAKMP MAIN: INIT: xchg 15: SKEYID_a l=20 v=6e6525ff8853e3239c374c9e0b604956e420
84eb
ISAKMP MAIN: INIT: xchg 15: SKEYID_e l=20 v=5483967a2001308d33adb5ff26a6a10efd48
6c21
ISAKMP MAIN: INIT: xchg 15: EncKey l=8 v=5483967a2001308d
ISAKMP MAIN: INIT: xchg 15: IV l=8 v=a05ded8713462c0c
ISAKMP MAIN: INIT: xchg 15: Hi l=20 v=3d202c887fb67a69bb5e8851606a5f9d7184faf7

SecOff > ISAKMP MAIN: INIT: xchg 15: RemoteID=IPv4:61.115.117.39
ISAKMP MAIN: INIT: xchg 15: Hr l=20 v=77c2972f612e22418e867a30dbdbeda4c729edb6
ISAKMP DOI: IPSEC: Exchange IDs from selectors:
  IDi: type             IPV4_ADDR_SUBNET
       protocol Id      0
       port             0
       data             c0a81400ffffff00
  IDr: type             IPV4_ADDR_SUBNET
       protocol Id      0
       port             0
       data             c0a80100ffffff00
ISAKMP DOI: IPSEC: Aquire Info -> Local Policy
  number of proposals 1
  proposal 0: # 1, protId 3, #transforms 1
    transform 0: # 1, id 2, sas 1
                  expiry: b 0-4294967295, s 0-28800
                  gr 1, mode 1, auth 2
ISAKMP QUICK: INIT: xchg 16: Started with peer 1.1.1.1
ISAKMP DOI: IPSEC: Exchange IDs not default:
  initiatorAddress      63.12.66.122
  IDi: type             IPV4_ADDR_SUBNET
       protocol Id      0
       port             0
       data             c0a81400ffffff00
  responderAddress      1.1.1.1
  IDr: type             IPV4_ADDR_SUBNET
       protocol Id      0
       port             0
       data             c0a80100ffffff00

ISAKMP QI 16: HASH1: 008390d4 100
204ebb1d0a00002800000001000000010000001c01030401157652f200000010
01020000800400018005000205000018099f36cc5dfa4c00c3c97a5f00ad334f
7eae9c070500001004000000c0a81400ffffff000000001004000000c0a80100
ffffff00

ISAKMP QI 16: HASH1: result f21b2f7aa43130b98db2e8a3eccc6921855d10dd

SecOff > ISAKMP QUICK: INIT: xchg 16: rx msg 1: start
ISAKMP QUICK: INIT: xchg 16: rx msg 1: prop policy done
ISAKMP QUICK: INIT: xchg 16: rx msg 1: TRAN 0,1 attributes good
ISAKMP QUICK: INIT: xchg 16: rx msg 1: TRAN 0,1 match
ISAKMP QUICK: INIT: xchg 16: rx msg 1: prop 0 match
ISAKMP QUICK: INIT: xchg 16: rx msg 1: All proposals matched:  (lpn 1)
ISAKMP QUICK: INIT: xchg 16: rx msg 1: payloads good:
ISAKMP QUICK: INIT: xchg 16: rx msg 1: good

ISAKMP QI 16: HASH2: 009c58d4 120
204ebb1d099f36cc5dfa4c00c3c97a5f00ad334f7eae9c070a00002800000001
000000010000001c01030401227095c800000010010200008004000180050002
05000018a095527f8c5274284d602fbc4f865fc1ae4490ea0500001004000000
c0a81400ffffff000000001004000000c0a80100ffffff00

ISAKMP QI 16: HASH2: result 52016de8012ee5ec2a74f60e6d571bcae625b8fe

ISAKMP QI 16: HASH INK1: 009e40d4 45
03157652f2099f36cc5dfa4c00c3c97a5f00ad334f7eae9c07a095527f8c5274
284d602fbc4f865fc1ae4490ea

ISAKMP QI 16: HASH INK1: result 95e9b959f1e819bc12e896bf227eb78a184f8c6a

ISAKMP QI 16: HASH OUTK1: 009e40d4 45
03227095c8099f36cc5dfa4c00c3c97a5f00ad334f7eae9c07a095527f8c5274
284d602fbc4f865fc1ae4490ea

ISAKMP QI 16: HASH OUTK1: result 8303f4ba30e24de1dac0b835b11046fbb5f0f85f

ISAKMP QI 16: HASH INK2: 009e40c0 65
95e9b959f1e819bc12e896bf227eb78a184f8c6a03157652f2099f36cc5dfa4c
00c3c97a5f00ad334f7eae9c07a095527f8c5274284d602fbc4f865fc1ae4490
ea

ISAKMP QI 16: HASH INK1: result 95e9b959f1e819bc12e896bf227eb78a184f8c6a

ISAKMP QI 16: HASH OUTK1: 009e40c0 65
8303f4ba30e24de1dac0b835b11046fbb5f0f85f03227095c8099f36cc5dfa4c
00c3c97a5f00ad334f7eae9c07a095527f8c5274284d602fbc4f865fc1ae4490
ea

ISAKMP QI 16: HASH OUTK2: result 52112530c1000cc247cdea99096bad13f19e25c9

ISAKMP QI 16: HASH3: 0080b0d4 45
00204ebb1d099f36cc5dfa4c00c3c97a5f00ad334f7eae9c07a095527f8c5274
284d602fbc4f865fc1ae4490ea

ISAKMP QI 16: HASH3: result 14014fd9c3a2749b6c65a0b42f0c558aede913d2



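Remarks and cautions

This command is intended for cases such as troubleshooting where internal information needs to be checked, so please consult our technical staff before using it.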
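The TRACE and TRACEMORE samples above print key material in clear (Key, x, g^xy, SKEYID and its derivatives, EncKey). The following is an added example, not part of the original manual: it redacts those fields from a captured console log before the log is shared, and rejoins values that the console wrapped across lines. The function name, the choice of which fields count as secret and the `[REDACTED]` marker are assumptions of this example; the sample lines are copied from the output on this page.

```python
import re

# Fields in the TRACE/TRACEMORE samples treated as secret here (assumption of
# this example, following IKE naming): pre-shared key, DH private value and
# shared secret, and the keys derived from them.
SECRET_FIELDS = {"Key", "x", "g^xy", "SKEYID", "SKEYID_d", "SKEYID_a",
                 "SKEYID_e", "EncKey"}

# Matches e.g. "SecOff > ISAKMP MAIN: INIT: xchg 15: Key l=8 v=686f..."
FIELD_RE = re.compile(
    r"^(?P<head>.*?xchg \d+: (?P<name>\S+) l=(?P<len>\d+) v=)(?P<hex>[0-9a-f]*)$")
HEX_RE = re.compile(r"^[0-9a-f]+$")

def redact(log):
    """Return (redacted_log, [(field, n_bytes), ...]) for a captured console log."""
    lines, out, found, i = log.splitlines(), [], [], 0
    while i < len(lines):
        m = FIELD_RE.match(lines[i])
        if not m:
            out.append(lines[i])
            i += 1
            continue
        want, value, j = 2 * int(m["len"]), m["hex"], i + 1
        # The console wraps long values; continuation lines are bare hex.
        while len(value) < want and j < len(lines) and HEX_RE.match(lines[j]):
            value += lines[j]
            j += 1
        if m["name"] in SECRET_FIELDS:
            found.append((m["name"], len(value) // 2))
            out.append(m["head"] + "[REDACTED]")
        else:
            out.append(m["head"] + value)  # keep, rejoined onto one line
        i = j
    return "\n".join(out), found

# Lines copied from the TRACE and TRACEMORE samples on this page.
SAMPLE_LOG = """\
SecOff > ISAKMP MAIN: INIT: xchg 13: Ni l=20 v=baa95ac53c8b47a16cff9a81fd3df98bf
34c9729
SecOff > ISAKMP MAIN: INIT: xchg 15: x l=20 v=dee78c5e6d57a2b091e805d48b5cf4d7b6
2a6e5d
ISAKMP MAIN: INIT: xchg 15: COOKIE_I l=8 v=c7fb026ba87dc835
ISAKMP MAIN: INIT: xchg 15: Key l=8 v=686f6765686f6765
ISAKMP MAIN: INIT: xchg 15: SKEYID_e l=20 v=5483967a2001308d33adb5ff26a6a10efd48
6c21
ISAKMP MAIN: INIT: xchg 15: EncKey l=8 v=5483967a2001308d
ISAKMP MAIN: INIT: xchg 15: IV l=8 v=a05ded8713462c0c"""
```

This covers only the `l=... v=...` lines; the `ISAKMP QI ... HASH...` dumps in the TRACEMORE output are passed through unchanged and need separate handling.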



Related commands

DISABLE ISAKMP
DISABLE ISAKMP DEBUG
ENABLE ISAKMP
SHOW ISAKMP





(C) 2010-2014 Allied Telesis Holdings K.K.

PN: 613-001314 Rev.G