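I. Networking requirements

As shown in the figure, a company has an OA server on its internal network. Staff working off-site need to dial in to the corporate intranet with the Cisco VPN client in order to access the internal OA server.


II. Network topology

Dial-up user --- Cisco VPN Client (V5.0.07), dialing IPsec VPN directly

III. Configuration essentials

1. Basic Internet access configuration

2. Configure the user

3. Configure IPsec VPN from the template (for the Cisco EZVPN client)

4. Configure the Cisco VPN client on the PC

Note: to delete the IPsec VPN phase 1 or phase 2, you must first delete the routes or firewall policies that reference them.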


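IV. Configuration steps

1. Basic Internet access configuration

For the detailed procedure, see the section "Typical route-mode functions -- Single-line Internet access -- Static-address line Internet access configuration".

The interface IP configuration is as follows:

The route configuration is as follows:

2. Configure the user

1) Define the user

Menu: User & Device -- User Definition: click "Create New"

Add the user name user1 with password 11111111.

2) Define the user group

Menu: User & Device -- User Groups: click "Create New"

Add the user group IPsec-VPN-Group and add user1 to it.

3. Configure IPsec VPN from the template (for the Cisco EZVPN client)

What the FortiClient dial-up VPN template actually configures: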

config user local
    edit "user1"
        set type password
        set passwd 11111111
    next
end
config user group
    edit "IPsec-VPN-Group"
        set member "user1"
    next
end
config firewall address
    edit "192.168.0.0/24"
        set allow-routing enable
        set subnet 192.168.0.0 255.255.255.0
    next
    edit "Dia-Cisco_range"
        set type iprange
        set comment "VPN: Dia-Cisco (Created by VPN wizard)"
        set start-ip 10.201.1.100
        set end-ip 10.201.1.200
    next
end

config vpn ipsec phase1-interface
    edit "Dia-Cisco"
        set type dynamic
        set interface "port1"
        set mode aggressive
        set peertype one
        set mode-cfg enable
        set ipv4-dns-server1 114.114.114.114
        set proposal des-md5 des-sha1 aes256-md5 aes256-sha1
        set dpd on-idle
        set comments "VPN: Dia-Cisco (Created by VPN wizard)"
        set dhgrp 14 5 2
        set wizard-type dialup-cisco
        set xauthtype auto
        set authusrgrp "IPsec-VPN-Group"
        set peerid "cisco"
        set ipv4-start-ip 10.201.1.100
        set ipv4-end-ip 10.201.1.200
        set ipv4-netmask 255.255.255.0
        set ipv4-split-include "Dia-Cisco_split"
        set psksecret fortinet
        set dpd-retryinterval 60
    next
end
config vpn ipsec phase2-interface
    edit "Dia-Cisco"
        set phase1name "Dia-Cisco"
        set proposal des-md5 des-sha1 aes256-md5 aes256-sha1
        set pfs disable
        set keepalive enable
        set comments "VPN: Dia-Cisco (Created by VPN wizard)"
    next
end
config firewall policy
    edit 3
        set name "vpn_Dia-Cisco_remote"
        set srcintf "Dia-Cisco"
        set dstintf "port2"
        set srcaddr "Dia-Cisco_range"
        set dstaddr "192.168.0.0/24"
        set action accept
        set schedule "always"
        set service "ALL"
        set comments "VPN: Dia-Cisco (Created by VPN wizard)"
        set nat enable
    next
end
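
The phase 1 and phase 2 stanzas above offer DES and MD5 next to AES-256, run aggressive mode with a pre-shared key, allow DH groups 5 and 2, and disable PFS. The Python sketch below is an added example, not part of the original page or of any Fortinet tool: it parses the config/edit/set syntax and reports those settings. The function names and the sets of transforms treated as weak are assumptions made for this example.

```python
import shlex

# Phase 1 / phase 2 stanzas copied from the configuration above (trimmed).
SAMPLE_CONFIG = """
config vpn ipsec phase1-interface
    edit "Dia-Cisco"
        set type dynamic
        set mode aggressive
        set proposal des-md5 des-sha1 aes256-md5 aes256-sha1
        set comments "VPN: Dia-Cisco (Created by VPN wizard)"
        set dhgrp 14 5 2
        set xauthtype auto
        set psksecret fortinet
    next
end
config vpn ipsec phase2-interface
    edit "Dia-Cisco"
        set phase1name "Dia-Cisco"
        set proposal des-md5 des-sha1 aes256-md5 aes256-sha1
        set pfs disable
    next
end
"""

# Assumption for this example: transforms treated as weak or deprecated.
WEAK_CIPHERS = {"des", "3des"}
WEAK_HASHES = {"md5"}
WEAK_DH_GROUPS = {"1", "2", "5"}
VPN_SECTIONS = {"vpn ipsec phase1-interface": "phase1",
                "vpn ipsec phase2-interface": "phase2"}


def parse_fortios(text):
    """Parse flat config/edit/set/next/end blocks.

    Returns {(section, entry): {key: [values]}}. Nested "config" blocks inside
    an "edit" are not handled; the stanzas on this page do not use them.
    """
    objects, section, entry = {}, None, None
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # keeps a quoted value as a single token
        if not tokens:
            continue
        verb, args = tokens[0], tokens[1:]
        if verb == "config":
            section, entry = " ".join(args), None
        elif verb == "edit" and args:
            entry = args[0]
            objects[(section, entry)] = {}
        elif verb == "set" and entry is not None and args:
            objects[(section, entry)][args[0]] = args[1:]
        elif verb == "next":
            entry = None
        elif verb == "end":
            section, entry = None, None
    return objects


def weak_proposals(values):
    """Return the proposal tokens (cipher-hash) that use a weak cipher or hash."""
    weak = []
    for token in values:
        cipher, _, integrity = token.partition("-")
        if cipher in WEAK_CIPHERS or integrity in WEAK_HASHES:
            weak.append(token)
    return weak


def audit(objects):
    """Return (phase, tunnel, setting, detail) findings for the VPN stanzas."""
    findings = []
    for (section, name), settings in objects.items():
        phase = VPN_SECTIONS.get(section)
        if phase is None:
            continue
        weak = weak_proposals(settings.get("proposal", []))
        if weak:
            findings.append((phase, name, "proposal",
                             "weak transforms offered: " + " ".join(weak)))
        if phase == "phase1":
            groups = [g for g in settings.get("dhgrp", []) if g in WEAK_DH_GROUPS]
            if groups:
                findings.append((phase, name, "dhgrp",
                                 "DH groups below 2048 bits: " + " ".join(groups)))
            if settings.get("mode") == ["aggressive"] and "psksecret" in settings:
                findings.append((phase, name, "mode",
                                 "aggressive mode with a pre-shared key"))
        elif settings.get("pfs") == ["disable"]:
            findings.append((phase, name, "pfs",
                             "PFS disabled: phase 2 keys derive from phase 1"))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print("%s %s: %s -> %s" % finding)
```

Because a responder accepts any transform that both sides list, leaving des-md5 in the proposal is enough for a session to end up on it, which is what the debug output in section V shows.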

4. Configure the Cisco VPN client on the PC
Cisco VPN Client x64 download: CISCO 64bit VPN Client v5.0.07.0440-k9
Cisco VPN Client x86 download: CISCO 32bit VPN Client v5.0.07.0410-k9

V. Verifying the configuration

Debug output on the FortiGate while the VPN Client dials in:

FortiGate1-HQ-BJ # diagnose debug application  ike  -1
Debug messages will be on for 22 minutes.

FortiGate1-HQ-BJ # diagnose debug enable

FortiGate1-HQ-BJ # ike 0: comes 192.168.91.254:59646->100.1.1.1:500,ifindex=3....
ike 0: IKEv1 exchange=Aggressive id=2e4756b7ce7637f9/0000000000000000 len=849
ike 0:2e4756b7ce7637f9/0000000000000000:47: responder: aggressive mode get 1st message...
ike 0:2e4756b7ce7637f9/0000000000000000:47: VID draft-ietf-ipsra-isakmp-xauth-06.txt 09002689DFD6B712
ike 0:2e4756b7ce7637f9/0000000000000000:47: VID DPD AFCAD71368A1F1C96B8696FC77570100
ike 0:2e4756b7ce7637f9/0000000000000000:47: VID FRAGMENTATION 4048B7D56EBCE88525E7DE7F00D6C2D380000000
ike 0:2e4756b7ce7637f9/0000000000000000:47: VID draft-ietf-ipsec-nat-t-ike-02\n 90CB80913EBB696E086381B5EC427B1F
ike 0:2e4756b7ce7637f9/0000000000000000:47: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100
ike 0::47: received peer identifier KEY_ID
ike 0: IKEv1 Aggressive, comes 192.168.91.254:59646->100.1.1.1 3
ike 0:2e4756b7ce7637f9/0000000000000000:47: negotiation result
ike 0:2e4756b7ce7637f9/0000000000000000:47: proposal id = 1:
ike 0:2e4756b7ce7637f9/0000000000000000:47:   protocol id = ISAKMP:
ike 0:2e4756b7ce7637f9/0000000000000000:47:      trans_id = KEY_IKE.
ike 0:2e4756b7ce7637f9/0000000000000000:47:      encapsulation = IKE/none
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_ENCRYPT_ALG, val=DES_CBC.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_HASH_ALG, val=MD5.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=AUTH_METHOD, val=PRESHARED_KEY_XAUTH_I.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_GROUP, val=MODP1024.
ike 0:2e4756b7ce7637f9/0000000000000000:47: ISAKMP SA lifetime=86400
ike 0:2e4756b7ce7637f9/0000000000000000:47: SA proposal chosen, matched gateway Dia-Cisco
ike 0:Dia-Cisco: created connection: 0xc553260 3 100.1.1.1->192.168.91.254:59646.
ike 0:Dia-Cisco: HA L3 state 1/0
ike 0:Dia-Cisco:47: DPD negotiated
ike 0:Dia-Cisco:47: XAUTHv6 negotiated
ike 0:Dia-Cisco:47: peer supports UNITY
ike 0:Dia-Cisco:47: selected NAT-T version: draft-ietf-ipsec-nat-t-ike-02\n
ike 0:Dia-Cisco:47: cookie 2e4756b7ce7637f9/79f7431e86eeaa6a
ike 0:Dia-Cisco:47: ISAKMP SA 2e4756b7ce7637f9/79f7431e86eeaa6a key 8:FEE4B38D33147AAE
ike 0:Dia-Cisco:47: out 2E4756B7CE7637F979F7431E86EEAA6A0110040000000000000001BC0400003800000001000000010000002C01010001000000240D0100008001000180020001800400028003FDE9800B0001000C00040020C49B0A00008499158063509EFCEAC8DFA0652C368E4D2BEA337EF33CE2E8B3683FABA9ECAFDACAABCBC49A8D33BDE95F9B0BD5900F05FF2456F83316CF0C5282BD023A6E4E59582A7A58FD562DD1B95677E6F92F911C4657AA9B0B696136B367BFEB62D37E40C6ABB55D8D2360BC7D898D42F511E4240BAF50DCE1EF578AB06C702E50240C0F050000143B998CF0308627B44AAA07080C0C45A40800000C01000000640101010D000014CA25C3857A9EA469FF207EE8E3FDC9AA8200001490CB80913EBB696E086381B5EC427B1F820000141E91183921D115D5C7A97F03F21FCDB30D000014CAE3618C1237C83EFAAC463C3167FE970D000014AFCAD71368A1F1C96B8696FC775701000D00000C09002689DFD6B7120D00001412F5F28C457168A9702D9FE274CC02040D0000148299031757A36082C6A621DE000000000D0000144048B7D56EBCE88525E7DE7F00D6C2D3000000184048B7D56EBCE88525E7DE7F00D6C2D3C0000000
ike 0:Dia-Cisco:47: sent IKE msg (agg_r1send): 100.1.1.1:500->192.168.91.254:59646, len=444, id=2e4756b7ce7637f9/79f7431e86eeaa6a
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Aggressive id=2e4756b7ce7637f9/79f7431e86eeaa6a len=156
ike 0: in 2E4756B7CE7637F979F7431E86EEAA6A08100401000000000000009C0D01EF24C33D7E7E1D1477129E0D2AB7F65080775E44955AA3CD88C32D4F0C3C3182BEC44879EEF4705619BAAE353DA27CB4EFDFD62893FF51E519AB1D8382D6475670531A5B5E7AF981B1D5F4C4CD0BAE2F2EAC40CFFD9AE9E5819931A578228310D6F96F9A6ED6C08CDAB539A4E3978DD393E76AC2DE69FA7B1D4A2D256D81
ike 0:Dia-Cisco:47: responder: aggressive mode get 2nd response...
ike 0:Dia-Cisco:47: dec 2E4756B7CE7637F979F7431E86EEAA6A08100401000000000000009C0B000014FB15A3B0AF98F02AAEB8BF6A09C2E1308200001C00000001011060022E4756B7CE7637F979F7431E86EEAA6A82000014C096B1A80D340F99BDAF6DDBEA8FC75B0D0000143002F9282A1437ED6222E0E1B3F57DC30D000014DB80F1AACE7737F97388A53693BE73F20000001412F5F28C457168A9702D9FE274CC0100
ike 0:Dia-Cisco:47: received p1 notify type INITIAL-CONTACT
ike 0:Dia-Cisco:47: received NAT-D payload type 130
ike 0:Dia-Cisco:47: received NAT-D payload type 130
ike 0:Dia-Cisco:47: VID unknown (16): DB80F1AACE7737F97388A53693BE73F2
ike 0:Dia-Cisco:47: VID CISCO-UNITY 12F5F28C457168A9702D9FE274CC0100
ike 0:Dia-Cisco:47: peer supports UNITY
ike 0:Dia-Cisco:47: PSK authentication succeeded
ike 0:Dia-Cisco:47: authentication OK
ike 0:Dia-Cisco:47: NAT detected: ME PEER
ike 0:Dia-Cisco:47: remote port change 59646 -> 59647
ike 0:Dia-Cisco: adding new dynamic tunnel for 192.168.91.254:59647
ike 0:Dia-Cisco_0: added new dynamic tunnel for 192.168.91.254:59647
ike 0:Dia-Cisco_0:47: established IKE SA 2e4756b7ce7637f9/79f7431e86eeaa6a
ike 0:Dia-Cisco_0:47: processing INITIAL-CONTACT
ike 0:Dia-Cisco_0: flushing
ike 0:Dia-Cisco_0: flushed
ike 0:Dia-Cisco_0:47: processed INITIAL-CONTACT
ike 0:Dia-Cisco_0:47: send ISAKMP RESPONDER-LIFETIME 86400 sec
ike 0:Dia-Cisco_0:47: enc 2E4756B7CE7637F979F7431E86EEAA6A081005016D3873BC000000580B000014C343EFC06680EDBF8C8C4C9727D92E780000002800000001011060002E4756B7CE7637F979F7431E86EEAA6A800B0001000C000400015180
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A081005016D3873BC0000005C59556E4CA0CAF308EFEF9A75BC17B983273061E0E8474820C3602987599FA90FEFE354141CF4C8AFCFBAADA0EE6A6529F65337F6FDE142B00EC795BC0BE81BA7
ike 0:Dia-Cisco_0:47: sent IKE msg (RESPONDER-LIFETIME): 100.1.1.1:4500->192.168.91.254:59647, len=92, id=2e4756b7ce7637f9/79f7431e86eeaa6a:6d3873bc
ike 0:Dia-Cisco_0:47: initiating XAUTH.
ike 0:Dia-Cisco_0:47: sending XAUTH request
ike 0:Dia-Cisco_0:47: enc 2E4756B7CE7637F979F7431E86EEAA6A08100601DB43DFB9000000440E000014C137E9710C3433A42F731C6DF5FBE78D0000001401005CF5C088000040890000408A0000
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A08100601DB43DFB90000004C12E4A9C73AC7A78BC5374E8403A9187F133313EAD6AFCFD2159D6FEA4D80C609E202836F793A9ADA8EAC85BDE40C4869
ike 0:Dia-Cisco_0:47: sent IKE msg (cfg_send): 100.1.1.1:4500->192.168.91.254:59647, len=76, id=2e4756b7ce7637f9/79f7431e86eeaa6a:db43dfb9
ike 0:Dia-Cisco_0:47: peer has not completed XAUTH exchange
ike 0:Dia-Cisco: carrier up
ike shrank heap by 155648 bytes
ike 0:ClientDia_0: NAT keep-alive 3 100.1.1.1->192.168.91.254:64916.
ike 0:ClientDia_0:45: out FF
ike 0:ClientDia_0:45: sent IKE msg (keepalive): 100.1.1.1:4500->192.168.91.254:64916, len=1, id=ff00000000000000/0000000000000000
ike 0: comes 192.168.91.254:64916->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=e08046a1c6a0fc74/ecf4cdb693cada16:9cd39e80 len=100
ike 0: in E08046A1C6A0FC74ECF4CDB693CADA16081005019CD39E8000000064768652154E7EA99FBC729F2DE9C5A169FE9D80E76720FAAEFC0F30DD54840C0D9B055BC28BE230BC7091B544F8D8CBFB98460331BF2DF4DC76E6ADE77F42DE937AF0610831345A46
ike 0:ClientDia_0:45: dec E08046A1C6A0FC74ECF4CDB693CADA16081005019CD39E80000000640B000018D863C0E5B115D526733E1ABE2065AFF20671A5B5000000200000000101108D28E08046A1C6A0FC74ECF4CDB693CADA1600001158D7A8A2AD9C86888FBF93AFA2E5E8F00F
ike 0:ClientDia_0:45: notify msg received: R-U-THERE
ike 0:ClientDia_0:45: enc E08046A1C6A0FC74ECF4CDB693CADA16081005012C4F74FE000000540B000018018F342E951F8292D63664FA81C3F82EF6642280000000200000000101108D29E08046A1C6A0FC74ECF4CDB693CADA1600001158
ike 0:ClientDia_0:45: out E08046A1C6A0FC74ECF4CDB693CADA16081005012C4F74FE0000005C963B3D09C924D26DF99A85304212C48D55A6F5509523429B48347FF8137800FD45C56C3848FFEB47E5EC3AD5BDC74F815DC9C3DEDD8EA3D84740987B1E9A2041
ike 0:ClientDia_0:45: sent IKE msg (R-U-THERE-ACK): 100.1.1.1:4500->192.168.91.254:64916, len=92, id=e08046a1c6a0fc74/ecf4cdb693cada16:2c4f74fe
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A08100601DB43DFB90000004C12E4A9C73AC7A78BC5374E8403A9187F133313EAD6AFCFD2159D6FEA4D80C609E202836F793A9ADA8EAC85BDE40C4869
ike 0:Dia-Cisco_0:47: sent IKE msg (CFG_RETRANS): 100.1.1.1:4500->192.168.91.254:59647, len=76, id=2e4756b7ce7637f9/79f7431e86eeaa6a:db43dfb9
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Mode config id=2e4756b7ce7637f9/79f7431e86eeaa6a:db43dfb9 len=84
ike 0: in 2E4756B7CE7637F979F7431E86EEAA6A08100601DB43DFB90000005409EEAA2C78750D8D66516C1D19934184EE1C871EFF26FC39F3AFAC963588722C1739386CEF641E09BF9566BC02062F7CB58E95CC803AE407
ike 0:Dia-Cisco_0:47: dec 2E4756B7CE7637F979F7431E86EEAA6A08100601DB43DFB9000000540E000014EA9EA23924AF21BD383A1E967D85784C0000002102005CF5C0880000408900057573657231408A00083131313131313131000000
ike 0:Dia-Cisco_0:47: received XAUTH_USER_NAME 'user1' length 5
ike 0:Dia-Cisco_0:47: received XAUTH_USER_PASSWORD length 8
ike 0:Dia-Cisco_0: XAUTH user "user1"
ike 0:Dia-Cisco: auth group IPsec-VPN-Group
ike 0:Dia-Cisco_0: XAUTH succeeded for user "user1" group "IPsec-VPN-Group"
ike 0:Dia-Cisco_0:47: enc 2E4756B7CE7637F979F7431E86EEAA6A08100601682351060000003C0E00001450FFA61C4E48CE18F335241CACF1A19A0000000C03005CF5C08F0001
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A081006016823510600000044DCB698DF8FC39351A3409BFA9ECA00E9AE455D233449C72C93348B5F0F084AA94E21A9B99446C393
ike 0:Dia-Cisco_0:47: sent IKE msg (cfg_send): 100.1.1.1:4500->192.168.91.254:59647, len=68, id=2e4756b7ce7637f9/79f7431e86eeaa6a:68235106
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Mode config id=2e4756b7ce7637f9/79f7431e86eeaa6a:68235106 len=60
ike 0: in 2E4756B7CE7637F979F7431E86EEAA6A08100601682351060000003C757A2B941ACF547931F940A54C2C632272E311B130EAFBD39514F2C36E8FAC32
ike 0:Dia-Cisco_0:47: dec 2E4756B7CE7637F979F7431E86EEAA6A08100601682351060000003C0E00001488D90D7A4AB206916FA2897043F43A5B0000000804005CF500000000
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Mode config id=2e4756b7ce7637f9/79f7431e86eeaa6a:65f1bd1a len=188
ike 0: in 2E4756B7CE7637F979F7431E86EEAA6A0810060165F1BD1A000000BC133C6D5BA974902B4C536EA07D33268939EDB3C44B5601C33E05FAA1FD95F3B6DBF2362A899EEF0A72546489DB472DC4906B8612AF8CFC328A487DF0E0523154101C97BC2E31B2FD071C6AAAC3FC020BDF68E8621B5145E145D8FCE14866D7E4AB5DA2713FAB3708C54FF5821942AA1F8431C218557C6204F1491897266A0680C9946F33B10FAE9032D04F1B716A6107CF064B2C3C2440CAFCD84AEDA23BE32A
ike 0:Dia-Cisco_0:47: dec 2E4756B7CE7637F979F7431E86EEAA6A0810060165F1BD1A000000BC0E000014847BD8D1A829D9CB113B441B10019C9F00000085010000000001000000020000000300000004000000050000700000007001000070020000700400007003000070070000700B000070090000700C00000007002A436973636F2053797374656D732056504E20436C69656E7420352E302E30372E303434303A57696E4E5470080000700A000F57494E2D545055483136384D39415600000000000000
ike 0:Dia-Cisco_0:47: mode-cfg type 1 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg using allocated IPv4 10.201.1.100
ike 0:Dia-Cisco_0:47: mode-cfg type 2 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg type 3 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg type 4 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg WINS ignored, no WINS servers configured
ike 0:Dia-Cisco_0:47: mode-cfg type 5 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg type 28672 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28672 requested
ike 0:Dia-Cisco_0:47: mode-cfg no banner configured, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28673 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28673 requested
ike 0:Dia-Cisco_0:47: mode-cfg type 28674 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28674 requested
ike 0:Dia-Cisco_0:47: mode-cfg no domain configured, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28676 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28676 requested
ike 0:Dia-Cisco_0:47: mode-cfg type 28675 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28675 requested
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28675 not supported, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28679 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28679 requested
ike 0:Dia-Cisco_0:47: mode-cfg type 28683 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg attribute type 28683 not supported, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28681 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28681 requested
ike 0:Dia-Cisco_0:47: mode-cfg no backup-gateway configured, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28684 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg attribute type 28684 not supported, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 7 request 42:'436973636F2053797374656D732056504E20436C69656E7420352E302E30372E303434303A57696E4E54'
ike 0:Dia-Cisco_0:47: mode-cfg received APPLICATION_VERSION 'Cisco Systems VPN Client 5.0.07.0440:WinNT'
ike 0:Dia-Cisco_0:47: mode-cfg type 28680 request 0:''
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28680 requested
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28680 not supported, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg type 28682 request 15:'57494E2D545055483136384D394156'
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28682 requested
ike 0:Dia-Cisco_0:47: mode-cfg UNITY type 28682 not supported, ignoring
ike 0:Dia-Cisco_0:47: mode-cfg assigned (1) IPv4 address 10.201.1.100
ike 0:Dia-Cisco_0:47: mode-cfg assigned (2) IPv4 netmask 255.255.255.0
ike 0:Dia-Cisco_0:47: mode-cfg send (3) IPv4 DNS(1) 114.114.114.114
ike 0:Dia-Cisco_0:47: PFS is disabled
ike 0:Dia-Cisco_0:47: mode-cfg send (28676) IPv4 subnet 192.168.0.0/255.255.255.0 port 0 proto 0
ike 0:Dia-Cisco_0:47: mode-cfg send APPLICATION_VERSION 'FortiGate-VM64-KVM v6.0.4,build0231,190107 (GA)'
ike 0:Dia-Cisco_0:47: mode-cfg INTERNAL_ADDRESS_EXPIRY ignored, address does not expire
ike 0:Dia-Cisco_0:47: client save-password is disabled
ike 0:Dia-Cisco_0:47: enc 2E4756B7CE7637F979F7431E86EEAA6A0810060165F1BD1A000000950E00001436D660BBEFAFBBF30029F84E7A5E525F0000006502000000000100040AC9016400020004FFFFFF0000030004727272727004000EC0A80000FFFFFF000000000000000007002F466F727469476174652D564D36342D4B564D2076362E302E342C6275696C64303233312C3139303130372028474129
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A0810060165F1BD1A0000009C90723D8C9DEC7EE44AD8AD8D0CE5C09BB6219B20E2EE31EF27A884D4F3CBA91BFB4D3392372C08F9B48CFE85914973F85593A09F1691C8BA8751FF9C56CD3F7D334375CCFD984B54098BCB1C5856FA97DBA5BECF7B26C2898433A56486CE3C2663D86DAB325AAE5AF30C9B40B124878E999FAEF4642979DBCF2DB0016C74D150
ike 0:Dia-Cisco_0:47: sent IKE msg (cfg_send): 100.1.1.1:4500->192.168.91.254:59647, len=156, id=2e4756b7ce7637f9/79f7431e86eeaa6a:65f1bd1a
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=2e4756b7ce7637f9/79f7431e86eeaa6a:2fd2488b len=1028
ike 0:Dia-Cisco_0:47:18185: responder received first quick-mode message
ike 0:Dia-Cisco_0:47:18185: peer proposal is: peer:0:10.201.1.100-10.201.1.100:0, me:0:0.0.0.0-255.255.255.255:0
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: trying
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: matched phase2
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: dynamic client
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: my proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 1:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 1:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 256)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 2:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 256)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 3:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 128)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 4:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 128)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 5:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 256)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 6:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 256)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 7:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 128)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 8:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 128)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 9:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_3DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 10:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_3DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 11:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_3DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 12:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_3DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=SHA1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 13:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: negotiation result
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 13:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: using udp tunnel mode.
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: add ISAKMP RESPONDER-LIFETIME 86400
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: add RESPONDER-LIFETIME 43200 seconds
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: replay protection enabled
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: SA life soft seconds=43189.
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: SA life hard seconds=43200.
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: IPsec SA selectors #src=1 #dst=1
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: src 0 7 0:0.0.0.0-255.255.255.255:0
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: dst 0 7 0:10.201.1.100-10.201.1.100:0
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: add dynamic IPsec SA selectors
ike 0:Dia-Cisco:18185: add route 10.201.1.100/255.255.255.255 gw 192.168.91.254 oif Dia-Cisco(16) metric 15 priority 0
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: tunnel 2 of VDOM limit 0/0
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: add IPsec SA: SPIs=846c1087/fe1d3c0a
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: IPsec SA dec spi 846c1087 key 8:58C97BDE4F344545 auth 16:491C2D45403585CAEAD5CCD8F0260B25
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: IPsec SA enc spi fe1d3c0a key 8:10B8CB9C3569E484 auth 16:B397A57EB470DD9D2801B04027DDF76A
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: added IPsec SA: SPIs=846c1087/fe1d3c0a
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: sending SNMP tunnel UP trap
ike 0:Dia-Cisco_0:47: enc 2E4756B7CE7637F979F7431E86EEAA6A081020012FD2488B000000D8010000148629B71E2D09F5EE24215C78E84764B60A0000340000000100000001000000280D030401846C10870000001C01020000800500018004F00380010001000200040020C49B05000014EE4D9A29A113E9C42762FD22E7732ADC0500000C010000000AC901640B0000100400000000000000000000000B00002800000001011060002E4756B7CE7637F979F7431E86EEAA6A800B0001000C0004000151800000001C0000000103046000846C108780010001000200040000A8C0
ike 0:Dia-Cisco_0:47: out 2E4756B7CE7637F979F7431E86EEAA6A081020012FD2488B000000DCD50243B903EF57C65FCC15F3C70A7004CBF064B5C37C4231C6EFC72A402F6E381DC59D7CAD2819936FFBFDA82A88BCBB81CD248EE2A7DC2FA52B9C76E81A0BBAF38C6CB20E9B8E8AA986E3903D080B119B08DF3DC606D987EE638FFA3C51AE7C2B8B5AE223DEFFBA38906ACC65EC754D1E4A2B58488233B0FB621BA4A2DEF76155434D0A2E90D93BDBE7625E37846AD5A6F0E88E0F5186C0DCE9683DB433A13DCB16B32A7BE1D4742E5FE28A47D4F8A8F34502807A3DAF126270C2DC1B4F358E
ike 0:Dia-Cisco_0:47: sent IKE msg (quick_r1send): 100.1.1.1:4500->192.168.91.254:59647, len=220, id=2e4756b7ce7637f9/79f7431e86eeaa6a:2fd2488b
ike 0: comes 192.168.91.254:59647->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=2e4756b7ce7637f9/79f7431e86eeaa6a:2fd2488b len=52
ike 0: in 2E4756B7CE7637F979F7431E86EEAA6A081020012FD2488B00000034AE2F47A1B497F2DF00135D323E62232B03F0B46BC14BB3BD
ike 0:Dia-Cisco_0:47: dec 2E4756B7CE7637F979F7431E86EEAA6A081020012FD2488B0000003400000014C30AB00ABAFE570C39035EE13D4986C800000000
ike 0:Dia-Cisco_0:Dia-Cisco:18185: send SA_DONE SPI 0xfe1d3c0a
ike shrank heap by 86016 bytes
ike 0:ClientDia_0: NAT keep-alive 3 100.1.1.1->192.168.91.254:64916.
ike 0:ClientDia_0:45: out FF
ike 0:ClientDia_0:45: sent IKE msg (keepalive): 100.1.1.1:4500->192.168.91.254:64916, len=1, id=ff00000000000000/0000000000000000
ike 0: comes 192.168.91.254:64916->100.1.1.1:4500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=e08046a1c6a0fc74/ecf4cdb693cada16:bd9f6014 len=100
ike 0: in E08046A1C6A0FC74ECF4CDB693CADA1608100501BD9F6014000000644A6120C612EDEB61B57C1F895227185B90D5EDFFA3ED73C0E543540651C90E92F2C5115FDEA3BF1A31525C515367613AC9310965417664AF8F2459F785444E51916F7600AFEAE0D7
ike 0:ClientDia_0:45: dec E08046A1C6A0FC74ECF4CDB693CADA1608100501BD9F6014000000640B0000182EE3EF85E3C5011E703124445A05E48070DDE3B4000000200000000101108D28E08046A1C6A0FC74ECF4CDB693CADA160000115992A4DB9ED098A7CAB9D891E392F4F40F
ike 0:ClientDia_0:45: notify msg received: R-U-THERE
ike 0:ClientDia_0:45: enc E08046A1C6A0FC74ECF4CDB693CADA16081005014627A208000000540B0000183ABA9D58F5A8D6B5AB41EB1A28ABA95D8BEBEE3A000000200000000101108D29E08046A1C6A0FC74ECF4CDB693CADA1600001159
ike 0:ClientDia_0:45: out E08046A1C6A0FC74ECF4CDB693CADA16081005014627A2080000005C70CD394E24604CEF5C82AD4A52B45DB02D89569D9F9EBF23E33A8C746564C6BFE02B7ACC083169A9C016F628EB918A7E6C24D8F23A41E7FADA6647823F53A9A0
ike 0:ClientDia_0:45: sent IKE msg (R-U-THERE-ACK): 100.1.1.1:4500->192.168.91.254:64916, len=92, id=e08046a1c6a0fc74/ecf4cdb693cada16:4627a208

FortiGate1-HQ-BJ # diagnose vpn ike  gateway list

vd: root/0
name: ClientDia_0
version: 1
interface: port1 3
addr: 100.1.1.1:4500 -> 192.168.91.254:64916
created: 4542s ago
xauth-user: user1
assigned IPv4 address: 10.200.1.100/255.255.255.0
nat: me peer
IKE SA: created 1/1  established 1/1  time 2180/2180/2180 ms
IPsec SA: created 0/1  established 0/1  time 0/0/0 ms

  id/spi: 45 e08046a1c6a0fc74/ecf4cdb693cada16
  direction: responder
  status: established 4542-4540s ago = 2180ms
  proposal: des-sha1
  key: 811d0d84fc722f0d
  lifetime/rekey: 28800/23989
  DPD sent/recv: 00000000/00001184

vd: root/0
name: Dia-Cisco_0
version: 1
interface: port1 3
addr: 100.1.1.1:4500 -> 192.168.91.254:59647
created: 356s ago
xauth-user: user1
peer-id: cisco
peer-id-auth: yes
assigned IPv4 address: 10.201.1.100/255.255.255.0
nat: me peer
IKE SA: created 1/1  established 1/1  time 0/0/0 ms
IPsec SA: created 1/1  established 1/1  time 460/460/460 ms

  id/spi: 47 2e4756b7ce7637f9/79f7431e86eeaa6a
  direction: responder
  status: established 356-356s ago = 0ms
  proposal: des-md5
  key: fee4b38d33147aae
  lifetime/rekey: 86400/85773
  DPD sent/recv: 00000000/00000000
  peer-id: cisco

FortiGate1-HQ-BJ #
FortiGate1-HQ-BJ #
FortiGate1-HQ-BJ # diagnose vpn tunnel list
list all ipsec tunnel in vd 0
------------------------------------------------------
name=Dia-Cisco ver=1 serial=1d 100.1.1.1:0->0.0.0.0:0
bound_if=3 lgwy=static/1 tun=intf/0 mode=dialup/2 encap=none/0
proxyid_num=0 child_num=1 refcnt=15 ilast=3231 olast=3231 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-idle on=0 idle=60000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
run_tally=1
ipv4 route tree:
10.201.1.100->10.201.1.100 0
------------------------------------------------------
name=ClientDia ver=1 serial=13 100.1.1.1:0->0.0.0.0:0
bound_if=3 lgwy=static/1 tun=intf/0 mode=dialup/2 encap=none/0
proxyid_num=0 child_num=1 refcnt=12 ilast=5233 olast=5233 ad=/0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-idle on=0 idle=60000ms retry=3 count=0 seqno=0
natt: mode=none draft=0 interval=0 remote_port=0
run_tally=1
------------------------------------------------------
name=Dia-Cisco_0 ver=1 serial=1f 100.1.1.1:4500->192.168.91.254:59647
bound_if=3 lgwy=static/1 tun=intf/0 mode=dial_inst/3 encap=none/384 options[0180]=rgwy-chg rport-chg
parent=Dia-Cisco index=0
proxyid_num=1 child_num=0 refcnt=7 ilast=0 olast=0 ad=/0
stat: rxp=352 txp=352 rxb=42240 txb=21120
dpd: mode=on-idle on=1 idle=60000ms retry=3 count=0 seqno=0
natt: mode=keepalive draft=8 interval=10 remote_port=59647
proxyid=Dia-Cisco proto=0 sa=1 ref=2 serial=1 add-route
  src: 0:0.0.0.0-255.255.255.255:0
  dst: 0:10.201.1.100-10.201.1.100:0
  SA:  ref=3 options=a7 type=00 soft=0 mtu=1438 expire=42833/0B replaywin=2048
       seqno=161 esn=0 replaywin_lastseq=00000160 itn=0
  life: type=01 bytes=0/0 timeout=43189/43200
  dec: spi=846c1087 esp=des key=8 58c97bde4f344545
       ah=md5 key=16 491c2d45403585caead5ccd8f0260b25
  enc: spi=fe1d3c0a esp=des key=8 10b8cb9c3569e484
       ah=md5 key=16 b397a57eb470dd9d2801b04027ddf76a
  dec:pkts/bytes=352/21120, enc:pkts/bytes=352/42240
------------------------------------------------------
name=ClientDia_0 ver=1 serial=1c 100.1.1.1:4500->192.168.91.254:64916
bound_if=3 lgwy=static/1 tun=intf/0 mode=dial_inst/3 encap=none/384 options[0180]=rgwy-chg rport-chg
parent=ClientDia index=0
proxyid_num=0 child_num=0 refcnt=5 ilast=0 olast=0 ad=/0
stat: rxp=72 txp=57 rxb=10048 txb=4788
dpd: mode=on-idle on=1 idle=60000ms retry=3 count=0 seqno=0
natt: mode=keepalive draft=32 interval=10 remote_port=64916

FortiGate1-HQ-BJ # 
FortiGate1-HQ-BJ # get router info routing-table all

Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default

S*      0.0.0.0/0 [10/0] via 100.1.1.254, port1
S       10.201.1.100/32 [15/0] via 192.168.91.254, Dia-Cisco
C       100.1.1.0/24 is directly connected, port1
C       192.168.0.0/24 is directly connected, port2

FortiGate1-HQ-BJ #
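
To check what a session actually negotiated, as opposed to what the gateway offered, the "negotiation result" blocks can be pulled out of the IKE debug output. The Python example below is added here and is not from the original page; it runs over lines copied from the log above (hex packet dumps left out), and its function names and the set of values treated as weak are assumptions limited to strings that appear in that log.

```python
import re

# Lines copied from the "diagnose debug application ike -1" output above.
SAMPLE_LOG = """\
ike 0:2e4756b7ce7637f9/0000000000000000:47: negotiation result
ike 0:2e4756b7ce7637f9/0000000000000000:47: proposal id = 1:
ike 0:2e4756b7ce7637f9/0000000000000000:47:   protocol id = ISAKMP:
ike 0:2e4756b7ce7637f9/0000000000000000:47:      trans_id = KEY_IKE.
ike 0:2e4756b7ce7637f9/0000000000000000:47:      encapsulation = IKE/none
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_ENCRYPT_ALG, val=DES_CBC.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_HASH_ALG, val=MD5.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=AUTH_METHOD, val=PRESHARED_KEY_XAUTH_I.
ike 0:2e4756b7ce7637f9/0000000000000000:47:         type=OAKLEY_GROUP, val=MODP1024.
ike 0:2e4756b7ce7637f9/0000000000000000:47: ISAKMP SA lifetime=86400
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: incoming proposal:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 1:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_AES_CBC (key_len = 256)
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = UDP_ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: negotiation result
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: proposal id = 13:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:   protocol id = IPSEC_ESP:
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      trans_id = ESP_DES
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:      encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185:         type = AUTH_ALG, val=MD5
ike 0:Dia-Cisco_0:47:Dia-Cisco:18185: using udp tunnel mode.
"""

START = re.compile(r"negotiation result\s*$")
FIELD = re.compile(r"(proposal id|protocol id|trans_id|encapsulation) = (\S+)")
ATTR = re.compile(r"type\s*=\s*(\w+), val=(\w+)")

# Assumption for this example: values from the log above treated as weak.
WEAK_VALUES = {"DES_CBC", "ESP_DES", "ESP_3DES", "MD5", "MODP1024"}


def negotiated(log):
    """Return one dict per 'negotiation result' block, ignoring offered proposals."""
    results, current = [], None
    for line in log.splitlines():
        if START.search(line):
            current = {"attrs": {}}
            results.append(current)
            continue
        if current is None:
            continue  # "my proposal" / "incoming proposal" lines are skipped
        attr, field = ATTR.search(line), FIELD.search(line)
        if attr:
            current["attrs"][attr.group(1)] = attr.group(2)
        elif field:
            current[field.group(1)] = field.group(2).rstrip(".:")
        else:
            current = None  # first unrelated line closes the block
    return results


def weak_items(results):
    """Return (protocol, value) pairs for every weak value that was selected."""
    flagged = []
    for result in results:
        values = [result.get("trans_id")] + list(result["attrs"].values())
        flagged += [(result.get("protocol id"), v) for v in values if v in WEAK_VALUES]
    return flagged


if __name__ == "__main__":
    for protocol, value in weak_items(negotiated(SAMPLE_LOG)):
        print("selected weak transform:", protocol, value)
```

Run against this page's log, it reports DES, MD5 and MODP1024 for the ISAKMP SA and DES with MD5 for the ESP SA, matching the des-md5 proposal and esp=des lines in the gateway and tunnel listings.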