What is causing the problem?

– by 0

— Exhibit —
user@host> show log ike-test

Jun 13 10:36:52 ike_st_i_cr: Start
Jun 13 10:36:52 ike_st_i_cert: Start
Jun 13 10:36:52 ike_st_i_private: Start
Jun 13 10:36:52 ike_st_o_iD. Start
Jun 13 10:36:52 ike_st_o_hash: Start
Jun 13 10:36:52 ike_find_pre_shared_key: Find pre shared key key for 172.168.100.2:500, id = ipv4(udp:500,[0..3]=172.168.100.2) -> 192.168.101.2:500, id =
No Id Jun 13 10:36:52 ike_policy_reply_find_pre_shared_key: Start
Jun 13 10:36:52 ike_calc_maC. Start, initiator = true, local = true
Jun 13 10:36:52 ike_st_o_status_n: Start
Jun 13 10:36:52 ike_st_o_private: Start
Jun 13 10:36:52 ike_policy_reply_private_payload_out: Start
Jun 13 10:36:52 ike_st_o_encrypt: Marking encryption for packet
Jun 13 10:36:52 ike_encode_packet: Start, SA = { 0x86b8160b 93a10c7c – c6c3a771 f0475656 } / 00000000, nego = -1
Jun 13 10:36:52 ike_send_packet: Start, send SA = { 86b8160b 93a10c7c – c6c3a771 f0475656}, nego = -1, src = 172.168.100.2:500, dst = 192.168.101.2:500,
routing table id = 0 Jun 13 10:36:52 ike_get_sA. Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 } / 4cb03305, remote = 192.168.101.2:500
Jun 13 10:36:52 ike_sa_finD. Found SA = { 86b8160b 93a10c7c – c6c3a771 f0475656 }
Jun 13 10:36:52 ike_alloc_negotiation: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656}
Jun 13 10:36:52 ike_decode_packet: Start
Jun 13 10:36:52 ike_decode_packet: Start, SA = { 86b8160b 93a10c7c – c6c3a771 f0475656} / 4cb03305, nego = 0
Jun 13 10:36:52 ike_st_i_n: Start, doi = 1, protocol = 1, code = Payload malformed (16), spi[0..16] = 86b8160b 93a10c7c …, data[0..113] = 800c0001 80030081

Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notification data has
attribute list
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Notify message
version = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload
type = 129
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending payload
data offset = 1
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Error text = Incorrect
pre-shared key (Reserved not 0)
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Offending message
id = 0x00000000
Jun 13 10:36:52 172.168.100.2:500 (Responder) -> 192.168.101.2:500 { 86b8160b 93a10c7c – c6c3a771 f0475656 [0] / 0x4cb03305 } Info; Received notify err =
Payload malformed (16) to isakmp sa, delete it

Jun 13 10:37:07 ike_free_negotiation_info: Start, nego = 0
Jun 13 10:37:07 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:07 ike_retransmit_callback: Start, retransmit SA = { 17ef27d0 508bc5db – 00000000 00000000}, nego = -1
Jun 13 10:37:07 ike_send_packet: Start, retransmit previous packet SA = { 17ef27d0 508bc5db – 00000000 00000000}, nego = -1, src = 172.168.100.2:500, dst
= 192.168.103.3:500, routing table id = 0

Jun 13 10:37:17 ike_free_negotiation_info: Start, nego = 0 Jun 13 10:37:17 ike_free_negotiation: Start, nego = 0
Jun 13 10:37:19 ike_get_sA. Start, SA = { 4326380f a67dbcf3 – 00000000 00000000 } / 00000000, remote = 192.168.103.2:500
Jun 13 10:37:19 ike_sa_allocate: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d }
Jun 13 10:37:19 ike_init_isakmp_sA. Start, remote = 192.168.103.2:500, initiator = 0
Jun 13 10:37:19 ike_decode_packet: Start
Jun 13 10:37:19 ike_decode_packet: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d} / 00000000, nego = -1
Jun 13 10:37:19 ike_decode_payload_sA. Start
Jun 13 10:37:19 ike_decode_payload_t: Start, # trans = 2
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = afcad713 68a1f1c9 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..28] = 69936922 8741c6d4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 27bab5dc 01ea0760 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 6105c422 e76847e4 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 4485152d 18b6bbcd … Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = cd604643 35df21f8 …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 90cb8091 3ebb696e …
Jun 13 10:37:19 ike_st_i_viD. VID[0..16] = 7d9419a6 5310ca6f …
Jun 13 10:37:19 ike_st_i_sa_proposal: Start Jun 13 10:37:19 ike_isakmp_sa_reply: Start Jun 13 10:37:19 ike_st_i_cr: Start
Jun 13 10:37:19 ike_st_i_cert: Start
Jun 13 10:37:19 ike_st_i_private: Start
Jun 13 10:37:19 ike_st_o_sa_values: Start
Jun 13 10:37:19 172.168.100.2:500 (Responder) -> 192.168.103.2:500 { 4326380f a67dbcf3 – a8307123 9c0e1f9d [-1] / 0x00000000 } IP; Error = No proposal
chosen (14) Jun 13 10:37:19 ike_alloc_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d}
Jun 13 10:37:19 ike_encode_packet: Start, SA = { 0x4326380f a67dbcf3 – a8307123 9c0e1f9d } / 1a8c665d, nego = 0
Jun 13 10:37:19 ike_send_packet: Start, send SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d}, nego = 0, src = 172.168.100.2:500, dst = 192.168.103.2:500,
routing table id = 0
Jun 13 10:37:19 ike_delete_negotiation: Start, SA = { 4326380f a67dbcf3 – a8307123 9c0e1f9d}, nego = 0
— Exhibit —
Click the Exhibit button.
You are asked to set up an IPsec tunnel to the destination 192.168.103.2. After applying the configuration, you notice in the show security ike securityassociations output that the destination stays in a down state.
Referring to exhibit, what is causing the problem?
A. The preshared key is incorrect.
B. The proposal does not match.
C. The gateway is incorrect.
D. The IKE policy does not match.

Download Printable PDF. VALID exam to help you PASS.

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.