D-Link NetDefend DFL-210 User Manual page 356

9.4.5. Troubleshooting with ikesnoop
Payload data length : 16 bytes
Vendor ID
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID
Description : draft-ietf-ipsec-nat-t-ike-02
VID (Vendor ID)
Payload data length : 16 bytes
Vendor ID
Description : draft-ietf-ipsec-nat-t-ike-03
Step 3. Clients Begins Key Exchange
The server has accepted a proposal at this point and the client now begins a key exchange. In
addition, NAT detection payloads are sent to detect if NAT is being used.
IkeSnoop: Received IKE packet from 192.168.0.10:500 Exchange type :
Identity Protection (main mode) ISAKMP Version : 1.0
Flags
Cookies
Message ID
Packet length
# payloads
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
Step 4. Server Sends Key Exchange Data
The Server now sends key exchange data back to the client.
IkeSnoop: Sending IKE packet to 192.168.0.10:500 Exchange type :
Identity Protection (main mode) ISAKMP Version : 1.0
Flags
Cookies
Message ID
Packet length
# payloads
Payloads:
KE (Key Exchange)
Payload data length : 128 bytes
NONCE (Nonce)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
NAT-D (NAT Detection)
Payload data length : 16 bytes
: cd 60 46 43 35 df 21 f8 7c fd b2 fc 68 b6 a4 48
: 90 cb 80 91 3e bb 69 6e 08 63 81 b5 ec 42 7b 1f
: 7d 94 19 a6 53 10 ca 6f 2c 17 9d 92 15 52 9d 56
:
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
: 0x00000000
: 220 bytes
: 4
:
: 0x6098238b67d97ea6 -> 0x5e347cb76e95a
: 0x00000000
: 220 bytes
: 4
356
Chapter 9. VPN