La liste suivante énumère une session de capture de paquets pour une négociation réussie entre NSX Edge et un périphérique Cisco.
No. Time Source Destination Protocol Info
9203 768.394800 10.20.129.80 10.20.131.62 ISAKMP Identity Protection
(Main Mode)
Frame 9203 (190 bytes on wire, 190 bytes captured)
Ethernet II, Src: Vmware_9d:2c:dd (00:50:56:9d:2c:dd),
Dst: Cisco_80:70:f5 (00:13:c4:80:70:f5)
Internet Protocol, Src: 10.20.129.80 (10.20.129.80),
Dst: 10.20.131.62 (10.20.131.62)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 0000000000000000
Next payload: Security Association (1)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 148
Security Association payload
Next payload: Vendor ID (13)
Payload length: 84
Domain of interpretation: IPSEC (1)
Situation: IDENTITY (1)
Proposal payload # 0
Next payload: NONE (0)
Payload length: 72
Proposal number: 0
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 2
Transform payload # 0
Next payload: Transform (3)
Payload length: 32
Transform number: 0
Transform ID: KEY_IKE (1)
Life-Type (11): Seconds (1)
Life-Duration (12): Duration-Value (28800)
Encryption-Algorithm (1): 3DES-CBC (5)
Hash-Algorithm (2): SHA (2)
Authentication-Method (3): PSK (1)
Group-Description (4): 1536 bit MODP group (5)
Transform payload # 1
Next payload: NONE (0)
Payload length: 32
Transform number: 1
Transform ID: KEY_IKE (1)
Life-Type (11): Seconds (1)
Life-Duration (12): Duration-Value (28800)
Encryption-Algorithm (1): 3DES-CBC (5)
Hash-Algorithm (2): SHA (2)
Authentication-Method (3): PSK (1)
Group-Description (4): Alternate 1024-bit MODP group (2)
Vendor ID: 4F456C6A405D72544D42754D
Next payload: Vendor ID (13)
Payload length: 16
Vendor ID: 4F456C6A405D72544D42754D
Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD)
Next payload: NONE (0)
Payload length: 20
Vendor ID: RFC 3706 Detecting Dead IKE Peers (DPD)
No. Time Source Destination Protocol Info
9204 768.395550 10.20.131.62 10.20.129.80 ISAKMP Identity Protection
(Main Mode)
Frame 9204 (146 bytes on wire, 146 bytes captured)
Ethernet II, Src: Cisco_80:70:f5 (00:13:c4:80:70:f5),
Dst: Vmware_9d:2c:dd (00:50:56:9d:2c:dd)
Internet Protocol, Src: 10.20.131.62 (10.20.131.62),
Dst: 10.20.129.80 (10.20.129.80)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Security Association (1)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 104
Security Association payload
Next payload: Vendor ID (13)
Payload length: 52
Domain of interpretation: IPSEC (1)
Situation: IDENTITY (1)
Proposal payload # 1
Next payload: NONE (0)
Payload length: 40
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 1
Transform payload # 1
Next payload: NONE (0)
Payload length: 32
Transform number: 1
Transform ID: KEY_IKE (1)
Encryption-Algorithm (1): 3DES-CBC (5)
Hash-Algorithm (2): SHA (2)
Group-Description (4): Alternate 1024-bit MODP group (2)
Authentication-Method (3): PSK (1)
Life-Type (11): Seconds (1)
Life-Duration (12): Duration-Value (28800)
Vendor ID: Microsoft L2TP/IPSec VPN Client
Next payload: NONE (0)
Payload length: 24
Vendor ID: Microsoft L2TP/IPSec VPN Client
No. Time Source Destination Protocol Info
9205 768.399599 10.20.129.80 10.20.131.62 ISAKMP Identity Protection
(Main Mode)
Frame 9205 (222 bytes on wire, 222 bytes captured)
Ethernet II, Src: Vmware_9d:2c:dd (00:50:56:9d:2c:dd),
Dst: Cisco_80:70:f5 (00:13:c4:80:70:f5)
Internet Protocol, Src: 10.20.129.80 (10.20.129.80),
Dst: 10.20.131.62 (10.20.131.62)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Key Exchange (4)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 180
Key Exchange payload
Next payload: Nonce (10)
Payload length: 132
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Next payload: NONE (0)
Payload length: 20
Nonce Data
No. Time Source Destination Protocol Info
9206 768.401192 10.20.131.62 10.20.129.80 ISAKMP Identity Protection
(Main Mode)
Frame 9206 (298 bytes on wire, 298 bytes captured)
Ethernet II, Src: Cisco_80:70:f5 (00:13:c4:80:70:f5),
Dst: Vmware_9d:2c:dd (00:50:56:9d:2c:dd)
Internet Protocol, Src: 10.20.131.62 (10.20.131.62),
Dst: 10.20.129.80 (10.20.129.80)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Key Exchange (4)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x00
Message ID: 0x00000000
Length: 256
Key Exchange payload
Next payload: Nonce (10)
Payload length: 132
Key Exchange Data (128 bytes / 1024 bits)
Nonce payload
Next payload: Vendor ID (13)
Payload length: 24
Nonce Data
Vendor ID: CISCO-UNITY-1.0
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: CISCO-UNITY-1.0
Vendor ID: draft-beaulieu-ike-xauth-02.txt
Next payload: Vendor ID (13)
Payload length: 12
Vendor ID: draft-beaulieu-ike-xauth-02.txt
Vendor ID: C1B7EBE18C8CBD099E89695E2CB16A4A
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: C1B7EBE18C8CBD099E89695E2CB16A4A
Vendor ID: CISCO-CONCENTRATOR
Next payload: NONE (0)
Payload length: 20
Vendor ID: CISCO-CONCENTRATOR
No. Time Source Destination Protocol Info
9207 768.404990 10.20.129.80 10.20.131.62 ISAKMP Identity Protection
(Main Mode)
Frame 9207 (110 bytes on wire, 110 bytes captured)
Ethernet II, Src: Vmware_9d:2c:dd (00:50:56:9d:2c:dd),
Dst: Cisco_80:70:f5 (00:13:c4:80:70:f5)
Internet Protocol, Src: 10.20.129.80 (10.20.129.80),
Dst: 10.20.131.62 (10.20.131.62)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Identification (5)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x01
Message ID: 0x00000000
Length: 68
Encrypted payload (40 bytes)
No. Time Source Destination Protocol Info
9208 768.405921 10.20.131.62 10.20.129.80 ISAKMP Identity Protection
(Main Mode)
Frame 9208 (126 bytes on wire, 126 bytes captured)
Ethernet II, Src: Cisco_80:70:f5 (00:13:c4:80:70:f5),
Dst: Vmware_9d:2c:dd (00:50:56:9d:2c:dd)
Internet Protocol, Src: 10.20.131.62 (10.20.131.62),
Dst: 10.20.129.80 (10.20.129.80)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Identification (5)
Version: 1.0
Exchange type: Identity Protection (Main Mode) (2)
Flags: 0x01
Message ID: 0x00000000
Length: 84
Encrypted payload (56 bytes)
No. Time Source Destination Protocol Info
9209 768.409799 10.20.129.80 10.20.131.62 ISAKMP Quick Mode
Frame 9209 (334 bytes on wire, 334 bytes captured)
Ethernet II, Src: Vmware_9d:2c:dd (00:50:56:9d:2c:dd),
Dst: Cisco_80:70:f5 (00:13:c4:80:70:f5)
Internet Protocol, Src: 10.20.129.80 (10.20.129.80),
Dst: 10.20.131.62 (10.20.131.62)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Hash (8)
Version: 1.0
Exchange type: Quick Mode (32)
Flags: 0x01
Message ID: 0x79a63fb1
Length: 292
Encrypted payload (264 bytes)
No. Time Source Destination Protocol Info
9210 768.411797 10.20.131.62 10.20.129.80 ISAKMP Quick Mode
Frame 9210 (334 bytes on wire, 334 bytes captured)
Ethernet II, Src: Cisco_80:70:f5 (00:13:c4:80:70:f5),
Dst: Vmware_9d:2c:dd (00:50:56:9d:2c:dd)
Internet Protocol, Src: 10.20.131.62 (10.20.131.62),
Dst: 10.20.129.80 (10.20.129.80)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Hash (8)
Version: 1.0
Exchange type: Quick Mode (32)
Flags: 0x01
Message ID: 0x79a63fb1
Length: 292
Encrypted payload (264 bytes)
No. Time Source Destination Protocol Info
9211 768.437057 10.20.129.80 10.20.131.62 ISAKMP Quick Mode
Frame 9211 (94 bytes on wire, 94 bytes captured)
Ethernet II, Src: Vmware_9d:2c:dd (00:50:56:9d:2c:dd),
Dst: Cisco_80:70:f5 (00:13:c4:80:70:f5)
Internet Protocol, Src: 10.20.129.80 (10.20.129.80),
Dst: 10.20.131.62 (10.20.131.62)
User Datagram Protocol, Src Port: isakmp (500), Dst Port: isakmp (500)
Internet Security Association and Key Management Protocol
Initiator cookie: 92585D2D797E9C52
Responder cookie: 34704CFC8C8DBD09
Next payload: Hash (8)
Version: 1.0
Exchange type: Quick Mode (32)
Flags: 0x01
Message ID: 0x79a63fb1
Length: 52
Encrypted payload (24 bytes)
