IPsec ISAKMP IKEv1 decryption for AES
Hi,
I need to decrypt the informational ISAKMP packets sent out after the tunnel is established and running. The final encryption key and the initiator SPI obtained from the racoon logs are not decrypting them.
I am able to decrypt fresh ISAKMP packets after a tunnel restart with a new set of keys, but for an already established state it is not working. I have the final encryption key after this initiator SPI is created, and it still doesn't work for packets generated in an already established tunnel. Is the encryption of these packets any different from those in the initial setup phase?
Are these ISAKMP informational packets encrypted with any other key than the final encryption key?
Below is the packet.
Packet time is 10:55:05.
Internet Security Association and Key Management Protocol
Initiator SPI: fa6da399e305c587
Responder SPI: baacfff839c8277f
Next payload: Hash (8)
Version: 1.0
Exchange type: Informational (5)
Flags: 0x01
Message ID: 0xfb388c6f
Length: 92
Encrypted Data (64 bytes)
Tunnel keys and timeline:
10:16:52 server45-02 racoon: DEBUG: final encryption key computed:62f2c836 8cc71da8 bd5e4d7f 890be863 57ab991e a733a808 d590cdf3 7cf7ed70
10:16:52 server45-02 racoon: INFO: ISAKMP-SA established 23.10.1.8[500]-85.16.71.13[500] spi:fa6da399e305c587:baacfff839c8277f
10:16:52 server45-02 racoon: INFO: IPsec-SA established: ESP/Tunnel 85.16.71.13[0]->23.10.1.8[0] spi=82208760(0x4e667f8)
10:16:52 server45-02 racoon: INFO: IPsec-SA established: ESP/Tunnel 23.101.1.8[500]->85.16.71.13[500] spi=134335878(0x801cd86)
10:55:02 ISAKMP packets encrypted informational
11:16:52 server45-02 racoon: INFO: ISAKMP-SA expired 23.10.1.8[500]-85.16.71.13[500] spi:fa6da399e305c587:baacfff839c8277f
Hi,
Can you please let me know how you brought up the IPsec setup on your end?
If possible, can you please send the decrypted sniffer packets of IPsec?
It would be very helpful for my work.