****** 28588.0: <Trust/trust> packet received [60]******
ipid = 21879(5577), @000bb84e
packet passed sanity check.
trust:192.168.1.2/64307->192.168.119.1/512,1(8/0)<Root>
chose interface trust as incoming nat if.
search route to (192.168.1.2->192.168.119.1) in vr trust-vr for vsd-0/flag-0/ifp-null
route 192.168.119.1->192.168.2.1, to untrust
routed (192.168.119.1, 0.0.0.0) from trust (trust in 0) to untrust
policy search from zone 2-> zone 1
Permitted by policy 30
No src xlate choose interface untrust as outgoing phy if
no loop on ifp untrust.
session application type 0, name None, timeout 60sec
service lookup identified service 0.
existing vector list 5-168d520.
Session (id:767) created for first pak 5
--- more ---
cache mac in the session
flow got session.
flow session id 767
post addr xlation: 192.168.1.2->192.168.119.1.
going into tunnel 40000005.
flow_encrypt: vector=664ddc.
chip info: PIO. Tunnel id 00000005
(vn2) doing ESP encryption and size =64
ipsec encrypt prepare engine done
ipsec encrypt set engine done
ipsec encrypt engine released
ipsec encrypt done
out encryption tunnel 40000005 gw:192.168.2.1
no more encapping needed.
packet send out to 0001710113e4 through untrust
****** 28589.0: <Trust/trust> packet received [60]******
ipid = 21883(557b), @000bd84e
packet passed sanity check.
trust:192.168.1.2/64563->192.168.119.1/512,1(8/0)<Root>
chose interface trust as incoming nat if.
search route to (192.168.1.2->192.168.119.1) in vr trust-vr for vsd-0/flag-0/ifp-null
route 192.168.119.1->192.168.2.1, to untrust
--- more ---
routed (192.168.119.1, 0.0.0.0) from trust (trust in 0) to untrust
policy search from zone 2-> zone 1
Permitted by policy 30
No src xlate choose interface untrust as outgoing phy if
no loop on ifp untrust.
session application type 0, name None, timeout 60sec
service lookup identified service 0.
existing vector list 5-168d520.
Session (id:270) created for first pak 5
cache mac in the session
flow got session.
flow session id 270
post addr xlation: 192.168.1.2->192.168.119.1.
going into tunnel 40000005.
flow_encrypt: vector=664ddc.
chip info: PIO. Tunnel id 00000005
(vn2) doing ESP encryption and size =64
ipsec encrypt prepare engine done
ipsec encrypt set engine done
ipsec encrypt engine released
ipsec encrypt done
out encryption tunnel 40000005 gw:192.168.2.1
--- more ---
no more encapping needed.
packet send out to 0001710113e4 through untrust
****** 28591.0: <Trust/trust> packet received [128]******
ipid = 21886(557e), @000bf84e
packet passed sanity check.
trust:192.168.1.2/1024->192.168.1.100/4340,1(0/0)<Root>
existing session found. sess token 2
flow got session.
flow session id 1043
existing vector list 0-13067a0.
post addr xlation: 192.168.1.2->192.168.1.100.
packet is for self, copy packet to self
copy pakcet to us.
processing packet through normal path.
packet passed sanity check.
self:192.168.1.100/4440->192.168.1.1/1024,1(8/0)<Root>
policy id = 320000(Deny), tunnel = 0
search route to (0.0.0.0->192.168.1.1) in vr trust-vr for vsd-0/flag-2000/ifp-trust
route 192.168.1.1->0.0.0.0, to trust
routed 192.168.1.1 next hop 192.168.1.1, from self
existing vector list 0-13067a0.
processing packet from self
--- more ---
route to 192.168.1.1
arp entry found for 192.168.1.1
nsp2 wing prepared, ready
flow got session.
flow session id 702
skip ttl adjust for packet from self.
post addr xlation: 192.168.1.100->192.168.1.1.
packet send out to 000cf1c745a1 through trust
****** 28591.0: <Trust/trust> packet received [60]******
ipid = 21887(557f), @000a104e
packet passed sanity check.
trust:192.168.1.2/64819->192.168.119.1/512,1(8/0)<Root>
chose interface trust as incoming nat if.
search route to (192.168.1.2->192.168.119.1) in vr trust-vr for vsd-0/flag-0/ifp-null
route 192.168.119.1->192.168.2.1, to untrust
routed (192.168.119.1, 0.0.0.0) from trust (trust in 0) to untrust
policy search from zone 2-> zone 1
Permitted by policy 30
No src xlate choose interface untrust as outgoing phy if
no loop on ifp untrust.
session application type 0, name None, timeout 60sec
service lookup identified service 0.
--- more ---
existing vector list 5-168d520.
Session (id:707) created for first pak 5
cache mac in the session
flow got session.
flow session id 707
post addr xlation: 192.168.1.2->192.168.119.1.
going into tunnel 40000005.
flow_encrypt: vector=664ddc.
chip info: PIO. Tunnel id 00000005
(vn2) doing ESP encryption and size =64
ipsec encrypt prepare engine done
ipsec encrypt set engine done
ipsec encrypt engine released
ipsec encrypt done
out encryption tunnel 40000005 gw:192.168.2.1
no more encapping needed.
packet send out to 0001710113e4 through untrust
****** 28592.0: <Trust/trust> packet received [60]******
ipid = 21890(5582), @000a284e
packet passed sanity check.
trust:192.168.1.2/65075->192.168.119.1/512,1(8/0)<Root>
chose interface trust as incoming nat if.
--- more ---
search route to (192.168.1.2->192.168.119.1) in vr trust-vr for vsd-0/flag-0/ifp-null
route 192.168.119.1->192.168.2.1, to untrust
routed (192.168.119.1, 0.0.0.0) from trust (trust in 0) to untrust
policy search from zone 2-> zone 1
Permitted by policy 30
No src xlate choose interface untrust as outgoing phy if
no loop on ifp untrust.
session application type 0, name None, timeout 60sec
service lookup identified service 0.
existing vector list 5-168d520.
Session (id:464) created for first pak 5
cache mac in the session
flow got session.
flow session id 464
post addr xlation: 192.168.1.2->192.168.119.1.
going into tunnel 40000005.
flow_encrypt: vector=664ddc.
chip info: PIO. Tunnel id 00000005
(vn2) doing ESP encryption and size =64
ipsec encrypt prepare engine done
ipsec encrypt set engine done
ipsec encrypt engine released
--- more ---
ipsec encrypt done
out encryption tunnel 40000005 gw:192.168.2.1
no more encapping needed.
packet send out to 0001710113e4 through untrust
existing vector list 0-13067a0.
existing vector list 0-13067a0.
existing vector list 0-13067a0.
existing vector list 0-13067a0.
****** 28595.0: <Trust/trust> packet received [128]******
ipid = 21946(55ba), @000a604e
packet passed sanity check.
trust:192.168.1.2/1024->192.168.1.100/4540,1(0/0)<Root>
existing session found. sess token 2
flow got session.
flow session id 752
existing vector list 0-13067a0.
post addr xlation: 192.168.1.2->192.168.1.100.
packet is for self, copy packet to self
copy pakcet to us.
processing packet through normal path.
packet passed sanity check.
self:192.168.1.100/4640->192.168.1.1/1024,1(8/0)<Root>
--- more ---
policy id = 320000(Deny), tunnel = 0
search route to (0.0.0.0->192.168.1.1) in vr trust-vr for vsd-0/flag-2000/ifp-trust
route 192.168.1.1->0.0.0.0, to trust
routed 192.168.1.1 next hop 192.168.1.1, from self
existing vector list 0-13067a0.
processing packet from self
route to 192.168.1.1
arp entry found for 192.168.1.1
nsp2 wing prepared, ready
flow got session.
flow session id 1954
skip ttl adjust for packet from self.
post addr xlation: 192.168.1.100->192.168.1.1.
packet send out to 000cf1c745a1 through trust
****** 28599.0: <Trust/trust> packet received [128]******
ipid = 21994(55ea), @000a984e
packet passed sanity check.
trust:192.168.1.2/1024->192.168.1.100/4740,1(0/0)<Root>
existing session found. sess token 2
flow got session.
flow session id 395
existing vector list 0-13067a0.
--- more ---
post addr xlation: 192.168.1.2->192.168.1.100.
packet is for self, copy packet to self
copy pakcet to us.
processing packet through normal path.
packet passed sanity check.
self:192.168.1.100/4840->192.168.1.1/1024,1(8/0)<Root>
policy id = 320000(Deny), tunnel = 0
search route to (0.0.0.0->192.168.1.1) in vr trust-vr for vsd-0/flag-2000/ifp-trust
route 192.168.1.1->0.0.0.0, to trust
routed 192.168.1.1 next hop 192.168.1.1, from self
existing vector list 0-13067a0.
processing packet from self
route to 192.168.1.1
arp entry found for 192.168.1.1
nsp2 wing prepared, ready
flow got session.
flow session id 607
skip ttl adjust for packet from self.
post addr xlation: 192.168.1.100->192.168.1.1.
packet send out to 000cf1c745a1 through trust