EMS Administration Guide

Autoconnect to IPsec VPN using Entra ID logon session information

This feature enables seamless and secure connectivity for users accessing corporate resources by automatically establishing IPsec VPN connections based on Microsoft Entra ID (formerly known as Azure Active Directory or AD) logon session information.

In the example use case, an organization has implemented a comprehensive security strategy that includes using IPsec VPN to secure communications between its network resources. To improve the user experience and streamline connectivity, the organization wants to implement IPsec VPN autoconnect, leveraging Entra ID logon session information. With automated IPsec VPN connections, users can focus on their tasks without the burden of manual VPN setup. Leveraging Entra ID logon session information ensures that only compliant and authenticated users can establish an IPsec VPN connection.

These instructions assume the following:

  • You have configured an enterprise application on your Entra ID domain.
  • The FortiClient (Windows) endpoint is connected to that Entra ID domain.
To configure FortiOS for this use case:
  1. Configure the msgraph user:
    config user external-identity-provider
        edit "msgraph"
            set type ms-graph
            set version v1.0
        next
    end
  2. Assign the msgraph user to the msgraphgrp group:
    config user group
        edit "msgraphgrp"
            set member "msgraph"
        next
    end
  3. Create an IPsec VPN tunnel that uses IKEv2. This example uses childless IKE authentication. Ensure that you enable the azure-ad-autoconnect option:

    config vpn ipsec phase1-interface
        edit "Azure"
            set type dynamic
            set interface "port1"
            set ike-version 2
            set peertype any
            set net-device disable
            set mode-cfg enable
            set proposal aes128-sha256 aes256-sha256 aes128gcm-prfsha256 aes256gcm-prfsha384 chacha20poly1305-prfsha256
            set comments "VPN: Azure (Created by VPN wizard)"
            set dhgrp 5
            set authusrgrp "msgraphgrp"
            set childless-ike enable
            set azure-ad-autoconnect enable
            set ipv4-start-ip 192.168.1.1
            set ipv4-end-ip 192.168.1.255
            set dns-mode auto
            set ipv4-split-include "Azure_split"
            set save-password enable
            set client-auto-negotiate enable
            set client-keep-alive enable
            set psksecret ENC IdtpOOstic/GXm0KwTMjMVlhWoZIcHWPCM5RMfvk9Q7jLbgSwhHhkdyo35bMrNzdUglsq8saXNGM5fcnczNC1X9Yn1E3F3THUE5U+g1XoIgXJt98VoEs4ROYGZaCOQTBusqMgBmtmRGSY3kZVzgk+Ym+lCpEPaPvTLxmzXT5h7xl4MFMuOT+6v3cmb6Rz/xoq1zXFg==
        next
    end

To configure EMS for this use case:
  1. Go to Endpoint Profiles > Remote Access.
  2. Select the desired profile.
  3. In XML view, configure the following for the tunnel that FortiClient should automatically connect to. This example configures an IPsec VPN tunnel as the autoconnect tunnel. For <client_id>, enter the Entra ID application ID. For <tenant_name>, enter the Entra ID tenant ID. You can find these values in the Entra ID portal:
    <forticlient_configuration>
        <vpn>
            <enabled>1</enabled>
            <sslvpn>
                <connections/>
                <options>
                    <dnscache_service_control>0</dnscache_service_control>
                    <enabled>1</enabled>
                    <disallow_invalid_server_certificate>0</disallow_invalid_server_certificate>
                    <warn_invalid_server_certificate>1</warn_invalid_server_certificate>
                    <negative_split_tunnel_metric/>
                    <preferred_dtls_tunnel>0</preferred_dtls_tunnel>
                    <prefer_sslvpn_dns>1</prefer_sslvpn_dns>
                    <no_dns_registration>0</no_dns_registration>
                </options>
            </sslvpn>
            <ipsecvpn>
                <connections>
                    <connection>
                        <azure_auto_login>
                            <enabled>1</enabled>
                            <azure_app>
                              <client_id>Example client ID</client_id>
                              <tenant_name>Example tenant ID</tenant_name>
                            </azure_app>
                        </azure_auto_login>
                        <name>IPSEC</name>
                        <uid>AECD683C-310E-4747-815A-B53C86983CFB</uid>
                        <machine>0</machine>
                        <keep_running>0</keep_running>
                        <disclaimer_msg/>
                        <sso_enabled>0</sso_enabled>
                        <single_user_mode>0</single_user_mode>
                        <type>manual</type>
                        <ui>
                            <show_remember_password>1</show_remember_password>
                            <show_alwaysup>1</show_alwaysup>
                            <show_autoconnect>1</show_autoconnect>
                            <show_passcode>0</show_passcode>
                            <save_username>0</save_username>
                        </ui>
                        <redundant_sort_method>0</redundant_sort_method>
                        <tags>
                            <allowed/>
                            <prohibited/>
                        </tags>
                        <host_check_fail_warning/>
                        <ike_settings>
                            <server>172.19.200.113</server>
                            <authentication_method>Preshared Key</authentication_method>
                            <fgt>1</fgt>
                            <prompt_certificate>0</prompt_certificate>
                            <xauth>
                                <use_otp>0</use_otp>
                                <enabled>0</enabled>
                                <prompt_username>0</prompt_username>
                            </xauth>
                            <version>2</version>
                            <mode>aggressive</mode>
                            <key_life>86400</key_life>
                            <localid/>
                            <implied_SPDO>0</implied_SPDO>
                            <implied_SPDO_timeout>96</implied_SPDO_timeout>
                            <nat_traversal>1</nat_traversal>
                            <nat_alive_freq>5</nat_alive_freq>
                            <enable_local_lan>0</enable_local_lan>
                            <enable_ike_fragmentation>0</enable_ike_fragmentation>
                            <mode_config>1</mode_config>
                            <dpd>1</dpd>
                            <dpd_retry_count>3</dpd_retry_count>
                            <dpd_retry_interval>5</dpd_retry_interval>
                            <run_fcauth_system>0</run_fcauth_system>
                            <auth_data>
                                <preshared_key>Enc 8000cad35ca0ce889e17d2f949042781fd02a57a1ae7afb13be95840b7e4</preshared_key>
                            </auth_data>
                            <dhgroup>5;14</dhgroup>
                            <proposals>
                                <proposal>AES128|SHA1</proposal>
                                <proposal>AES256|SHA256</proposal>
                            </proposals>
                        </ike_settings>
                        <ipsec_settings>
                            <remote_networks>
                                <network>
                                    <addr>0.0.0.0</addr>
                                    <mask>0.0.0.0</mask>
                                </network>
                                <network>
                                    <addr>::/0</addr>
                                    <mask>::/0</mask>
                                </network>
                            </remote_networks>
                            <dhgroup>5</dhgroup>
                            <key_life_type>seconds</key_life_type>
                            <key_life_seconds>43200</key_life_seconds>
                            <key_life_Kbytes>5200</key_life_Kbytes>
                            <replay_detection>1</replay_detection>
                            <pfs>1</pfs>
                            <use_vip>1</use_vip>
                            <virtualip>
                                <type>modeconfig</type>
                                <ip>0.0.0.0</ip>
                                <mask>0.0.0.0</mask>
                                <dnsserver>0.0.0.0</dnsserver>
                                <winserver>0.0.0.0</winserver>
                            </virtualip>
                            <proposals>
                                <proposal>AES128|SHA1</proposal>
                                <proposal>AES256|SHA256</proposal>
                            </proposals>
                        </ipsec_settings>
                        <android_cert_path/>
                        <warn_invalid_server_certificate>1</warn_invalid_server_certificate>
                        <on_connect>
                            <script>
                                <os>windows</os>
                                <script/>
                            </script>
                            <script>
                                <os>MacOSX</os>
                                <script/>
                            </script>
                            <script>
                                <os>linux</os>
                                <script/>
                            </script>
                        </on_connect>
                        <on_disconnect>
                            <script>
                                <os>windows</os>
                                <script/>
                            </script>
                            <script>
                                <os>MacOSX</os>
                                <script/>
                            </script>
                            <script>
                                <os>linux</os>
                                <script/>
                            </script>
                        </on_disconnect>
                        <traffic_control>
                            <enabled>0</enabled>
                            <mode>1</mode>
                        </traffic_control>
                    </connection>
                </connections>
                <options>
                    <enhanced_key_usage_mandatory>0</enhanced_key_usage_mandatory>
                    <use_win_local_computer_cert>1</use_win_local_computer_cert>
                    <disable_default_route>0</disable_default_route>
                    <enabled>1</enabled>
                    <usesmcardcert>1</usesmcardcert>
                    <disallow_invalid_server_certificate>0</disallow_invalid_server_certificate>
                    <block_ipv6>1</block_ipv6>
                    <usewincert>1</usewincert>
                    <use_win_current_user_cert>1</use_win_current_user_cert>
                    <show_auth_cert_only>0</show_auth_cert_only>
                    <check_for_cert_private_key>0</check_for_cert_private_key>
                    <uselocalcert>0</uselocalcert>
                    <beep_if_error>0</beep_if_error>
                    <no_dns_registration>0</no_dns_registration>
                    <enable_udp_checksum>0</enable_udp_checksum>
                </options>
            </ipsecvpn>
            <lockdown>
                <enabled>0</enabled>
                <exceptions>
                    <apps/>
                    <ips/>
                </exceptions>
                <max_attempts>3</max_attempts>
                <grace_period>120</grace_period>
            </lockdown>
            <options>
                <on_os_start_connect/>
                <on_os_start_connect_has_priority>0</on_os_start_connect_has_priority>
                <autoconnect_only_when_offnet>0</autoconnect_only_when_offnet>
                <autoconnect_on_install>0</autoconnect_on_install>
                <keep_running_max_tries>0</keep_running_max_tries>
                <suppress_vpn_notification>0</suppress_vpn_notification>
                <secure_remote_access>0</secure_remote_access>
                <minimize_window_on_connect>1</minimize_window_on_connect>
                <allow_sslvpn>0</allow_sslvpn>
                <show_negotiation_wnd>0</show_negotiation_wnd>
                <use_legacy_vpn_before_logon>0</use_legacy_vpn_before_logon>
                <show_vpn_before_logon>0</show_vpn_before_logon>
                <use_windows_credentials>0</use_windows_credentials>
                <disable_connect_disconnect>0</disable_connect_disconnect>
                <allow_personal_vpns>1</allow_personal_vpns>
                <autoconnect_tunnel>IPSEC</autoconnect_tunnel>
            </options>
        </vpn>
        <endpoint_control>
            <ui>
                <display_vpn>1</display_vpn>
            </ui>
        </endpoint_control>
    </forticlient_configuration>

After the profile changes sync to the endpoint, it autoconnects to the IPsec VPN tunnel.
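
A consistency check for the profile XML against the FortiOS phase 1 settings shown earlier, as an added example (not Fortinet code). The function names, the trimmed sample profile and its GUIDs are constructed; it assumes the client ID and tenant ID are GUIDs as displayed in the Entra ID portal, and that `AES256|SHA256` in the profile corresponds to `aes256-sha256` on FortiOS.

```python
import uuid
import xml.etree.ElementTree as ET

# Values from the FortiOS phase1-interface "Azure" shown on this page.
FORTIOS_PROPOSALS = {"aes128-sha256", "aes256-sha256", "aes128gcm-prfsha256",
                     "aes256gcm-prfsha384", "chacha20poly1305-prfsha256"}
FORTIOS_DHGRP = {"5"}


def _text(node, path):
    """Stripped text of the element at path, or '' when absent or empty."""
    found = node.find(path)
    return (found.text or "").strip() if found is not None else ""


def _is_guid(value):
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def check_profile(xml_text, proposals=FORTIOS_PROPOSALS, dhgrp=FORTIOS_DHGRP):
    """Return problems that would keep the autoconnect tunnel from coming up."""
    root = ET.fromstring(xml_text)
    target = _text(root, "vpn/options/autoconnect_tunnel")
    conns = {_text(c, "name"): c
             for c in root.findall("vpn/ipsecvpn/connections/connection")}
    conn = conns.get(target)
    if conn is None:
        return [f"autoconnect_tunnel {target!r} is not an IPsec connection name"]

    problems = []
    if _text(conn, "azure_auto_login/enabled") != "1":
        problems.append("azure_auto_login is not enabled")
    for tag in ("client_id", "tenant_name"):
        # Catches the placeholder text being left in the profile.
        if not _is_guid(_text(conn, f"azure_auto_login/azure_app/{tag}")):
            problems.append(f"{tag} is not a GUID")
    if _text(conn, "ike_settings/version") != "2":
        problems.append("ike_settings/version is not 2")

    # The profile writes AES256|SHA256; FortiOS writes aes256-sha256 (assumed mapping).
    offered = {p.text.strip().lower().replace("|", "-")
               for p in conn.findall("ike_settings/proposals/proposal") if p.text}
    if not offered & set(proposals):
        problems.append("no IKE proposal in common with the FortiGate")
    groups = {g.strip() for g in _text(conn, "ike_settings/dhgroup").split(";")}
    if not groups & set(dhgrp):
        problems.append("no DH group in common with the FortiGate")
    return problems


# Constructed sample: the page's profile trimmed to the elements checked here.
SAMPLE = """<forticlient_configuration><vpn>
 <ipsecvpn><connections><connection>
  <azure_auto_login><enabled>1</enabled><azure_app>
   <client_id>{client_id}</client_id>
   <tenant_name>aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee</tenant_name>
  </azure_app></azure_auto_login>
  <name>IPSEC</name>
  <ike_settings><version>2</version><dhgroup>5;14</dhgroup><proposals>
   <proposal>AES128|SHA1</proposal><proposal>AES256|SHA256</proposal>
  </proposals></ike_settings>
 </connection></connections></ipsecvpn>
 <options><autoconnect_tunnel>{tunnel}</autoconnect_tunnel></options>
</vpn></forticlient_configuration>"""

if __name__ == "__main__":
    good = SAMPLE.format(client_id="11111111-2222-3333-4444-555555555555",
                         tunnel="IPSEC")
    print(check_profile(good))
    print(check_profile(SAMPLE.format(client_id="Example client ID",
                                      tunnel="IPSEC")))
```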

To verify the connection:
  1. From the endpoint, ping the internal server located behind the edge FortiGate. The ping succeeds.
  2. In FortiOS, go to Dashboard > Network and expand the IPsec widget. Observe that the tunnel is up.

  3. View debug logs on FortiOS by running the diagnose debug enable and diagnose debug application ike -1 commands. The following example output includes the endpoint IP address, hostname, and serial number:

    Debug messages will be on for 30 minutes. (root) # 2023-11-28 15:52:07.878432 ike 0: comes 172.19.200.185:500>172.19.200.113:500,ifindex=3,vrf=0.... 2023-11-28 15:52:07.878511 ike 0: IKEv2 exchange=SA_INIT id=d9ae37737ffaa01f/0000000000000000 len=468 2023-11-28 15:52:07.878517 ike 0: in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ike 0:d9ae37737ffaa01f/0000000000000000:31: responder received SA_INIT msg 2023-11-28 15:52:07.878533 ike 0:d9ae37737ffaa01f/0000000000000000:31: VID forticlient connect license 4C53427B6D465D1B337BB755A37A7FEF 2023-11-28 15:52:07.878538 ike 0:d9ae37737ffaa01f/0000000000000000:31: VID Fortinet Endpoint Control B4F01CA951E9DA8D0BAFBBD34AD3044E 2023-11-28 15:52:07.878541 ike 0:d9ae37737ffaa01f/0000000000000000:31: received notify type NAT_DETECTION_SOURCE_IP 2023-11-28 15:52:07.878545 ike 0:d9ae37737ffaa01f/0000000000000000:31: received notify type NAT_DETECTION_DESTINATION_IP 2023-11-28 15:52:07.878763 ike 0:d9ae37737ffaa01f/0000000000000000:31: received notify type AZURE_AD_AUTOCONNECT 2023-11-28 15:52:07.878767 ike 0:d9ae37737ffaa01f/0000000000000000:31: received notify type CHILDLESS_IKEV2_SUPPORTED 2023-11-28 15:52:07.878771 ike 0:d9ae37737ffaa01f/0000000000000000:31: ignoring unauthenticated notify payload (CHILDLESS_IKEV2_SUPPORTED) 2023-11-28 15:52:07.878983 ike 0:d9ae37737ffaa01f/0000000000000000:31: incoming proposal: 2023-11-28 15:52:07.878987 ike 0:d9ae37737ffaa01f/0000000000000000:31: proposal id = 1: 2023-11-28 15:52:07.879196 ike 0:d9ae37737ffaa01f/0000000000000000:31: protocol = IKEv2: 2023-11-28 15:52:07.879199 ike 0:d9ae37737ffaa01f/0000000000000000:31: encapsulation = IKEv2/none 2023-11-28 15:52:07.879203 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=ENCR, val=AES_CBC (key_len = 128) 2023-11-28 15:52:07.879205 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=INTEGR, val=AUTH_HMAC_SHA_96 2023-11-28 15:52:07.879419 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=PRF, val=PRF_HMAC_SHA 2023-11-28 
15:52:07.879423 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=DH_GROUP, val=MODP1536. 2023-11-28 15:52:07.879426 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=DH_GROUP, val=MODP2048. 2023-11-28 15:52:07.879430 ike 0:d9ae37737ffaa01f/0000000000000000:31: proposal id = 2: 2023-11-28 15:52:07.879640 ike 0:d9ae37737ffaa01f/0000000000000000:31: protocol = IKEv2: 2023-11-28 15:52:07.879643 ike 0:d9ae37737ffaa01f/0000000000000000:31: encapsulation = IKEv2/none 2023-11-28 15:52:07.879646 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=ENCR, val=AES_CBC (key_len = 256) 2023-11-28 15:52:07.879649 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=INTEGR, val=AUTH_HMAC_SHA2_256_128 2023-11-28 15:52:07.879860 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=PRF, val=PRF_HMAC_SHA2_256 2023-11-28 15:52:07.879863 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=DH_GROUP, val=MODP1536. 2023-11-28 15:52:07.879866 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=DH_GROUP, val=MODP2048. 2023-11-28 15:52:07.879874 ike 0:d9ae37737ffaa01f/0000000000000000:31: matched proposal id 2 2023-11-28 15:52:07.880080 ike 0:d9ae37737ffaa01f/0000000000000000:31: proposal id = 2: 2023-11-28 15:52:07.880083 ike 0:d9ae37737ffaa01f/0000000000000000:31: protocol = IKEv2: 2023-11-28 15:52:07.880336 ike 0:d9ae37737ffaa01f/0000000000000000:31: encapsulation = IKEv2/none 2023-11-28 15:52:07.880339 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=ENCR, val=AES_CBC (key_len = 256) 2023-11-28 15:52:07.880342 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=INTEGR, val=AUTH_HMAC_SHA2_256_128 2023-11-28 15:52:07.880344 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=PRF, val=PRF_HMAC_SHA2_256 2023-11-28 15:52:07.880345 ike 0:d9ae37737ffaa01f/0000000000000000:31: type=DH_GROUP, val=MODP1536. 
2023-11-28 15:52:07.880347 ike 0:d9ae37737ffaa01f/0000000000000000:31: lifetime=86400 2023-11-28 15:52:07.880351 ike 0:d9ae37737ffaa01f/0000000000000000:31: SA proposal chosen, matched gateway Azure 2023-11-28 15:52:07.880369 ike 0:Azure: created connection: 0x10bdc0b0 3 172.19.200.113->172.19.200.185:500. 2023-11-28 15:52:07.880375 ike 0:Azure:31: processing notify type NAT_DETECTION_SOURCE_IP 2023-11-28 15:52:07.880391 ike 0:Azure:31: processing NAT-D payload 2023-11-28 15:52:07.880396 ike 0:Azure:31: NAT not detected 2023-11-28 15:52:07.880398 ike 0:Azure:31: process NAT-D 2023-11-28 15:52:07.880400 ike 0:Azure:31: processing notify type NAT_DETECTION_DESTINATION_IP 2023-11-28 15:52:07.880407 ike 0:Azure:31: processing NAT-D payload 2023-11-28 15:52:07.880409 ike 0:Azure:31: NAT not detected 2023-11-28 15:52:07.880411 ike 0:Azure:31: process NAT-D 2023-11-28 15:52:07.880413 ike 0:Azure:31: processing notify type AZURE_AD_AUTOCONNECT 2023-11-28 15:52:07.880425 ike 0:Azure:31: enable FortiClient endpoint compliance check, use 169.254.1.1 2023-11-28 15:52:07.880436 ike 0:Azure:31: responder preparing SA_INIT msg 2023-11-28 15:52:07.880460 ike 0:Azure:31: generate DH public value request queued 2023-11-28 15:52:07.880467 ike 0:Azure:31: responder preparing SA_INIT msg 2023-11-28 15:52:07.880660 ike 0:Azure:31: compute DH shared secret request queued 2023-11-28 15:52:07.880665 ike 0:Azure:31: responder preparing SA_INIT msg 2023-11-28 15:52:07.880668 ike 0:Azure:31: create NAT-D hash local 172.19.200.113/500 remote 172.19.200.185/500 2023-11-28 15:52:07.880674 ike 0:Azure:31: out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ike 0:Azure:31: sent IKE msg (SA_INIT_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=360, vrf=0, id=d9ae37737ffaa01f/e0e51ae3ed77f20 8 2023-11-28 15:52:07.880725 ike 0:Azure:31: IKE SA d9ae37737ffaa01f/e0e51ae3ed77f208 SK_ei 32:021F8486C8956677F0B0F1F2BA452F75DD9833DA841D47DA772126AFE49CBF1B 2023-11-28 15:52:07.880728 ike 
0:Azure:31: IKE SA d9ae37737ffaa01f/e0e51ae3ed77f208 SK_er 32:A5EF924BD16BCE20AE70FE0FD61EAF70781D575E6EFA8F788A666B6700EA2DED 2023-11-28 15:52:07.880731 ike 0:Azure:31: IKE SA d9ae37737ffaa01f/e0e51ae3ed77f208 SK_ai 32:382A41BB8F3AD7A75964AA0E686052E71E63E3CC2C932EF15987A44DB3F5911A 2023-11-28 15:52:07.880738 ike 0:Azure:31: IKE SA d9ae37737ffaa01f/e0e51ae3ed77f208 SK_ar 32:4C1FC87AE6A0912DAA2636F2A81FBA793E702DA73FBEEAA3504EEAB68B32F193 2023-11-28 15:52:07.993013 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0.... 2023-11-28 15:52:07.993062 ike 0: IKEv2 exchange=AUTH id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000001 len=464 2023-11-28 15:52:07.993290 ike 0: in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ike 0:Azure:31: dec D9AE37737FFAA01FE0E51AE3ED77F2082E20230800000001000001A9230000042900000C01000000AC13C8B92900000800004000270001010000F100 5645523D310A4643545645523D372E322E332E303931380A5549443D43464336324141323346333434323335423544384136313835354537464636440A49503D3137322E31392E3230302E3138350A4D41433D3 0302D31352D35642D35312D30332D30343B0A484F53543D4445534B544F502D3043444F4633560A555345523D476F70696368616E644D75726172690A4F535645523D4D6963726F736F66742057696E646F7773 20313020456E74657270726973652045646974696F6E2C2036342D62697420286275696C64203139303435290A5245475F5354415455533D300A454D53534E3D464354454D53383832333039313730320A002F0 0002802000000A5C200F5D13E654044C91714F1EC7BBC77964528DB2A56F03CBD82F7EECCEBEF290000440100000000070010464354383030303533323032353033300001000000020000000300000004000000 0D000070010000540A0000540B000070000000001900000000000800004022 2023-11-28 15:52:07.993807 ike 0:Azure:31: responder received AUTH msg 2023-11-28 15:52:07.994029 ike 0:Azure:31: processing notify type INITIAL_CONTACT 2023-11-28 15:52:07.994083 ike 0:Azure:31: processing notify type FORTICLIENT_CONNECT 2023-11-28 15:52:07.994277 ike 0:Azure:31: received FCT data len = 249, data = 'VER=1 FCTVER=7.2.3.0918 UID=CFC62AA23F344235B5D8A61855E7FF6D 
IP=172.19.200.185 MAC=00-15-5d-51-03-04; HOST=DESKTOP-0CDOF3V USER=MCarey OSVER=Microsoft Windows 10 Enterprise Edition, 64-bit (build 19045) REG_STATUS=0 EMSSN=FCTEMS123456 ' 2023-11-28 15:52:07.994510 ike 0:Azure:31: received FCT-UID : CFC62AA23F344235B5D8A61855E7FF6D 2023-11-28 15:52:07.994714 ike 0:Azure:31: received EMS SN : FCTEMS123456 2023-11-28 15:52:07.994736 ike 0:Azure:31: EMS SN check passed 2023-11-28 15:52:07.994939 ike 0:Azure:31: processing notify type CHILDLESS_IKEV2_SUPPORTED 2023-11-28 15:52:07.994965 ike 0:Azure:31: peer identifier IPV4_ADDR 172.19.200.185 2023-11-28 15:52:07.995168 ike 0:Azure:31: re-validate gw ID 2023-11-28 15:52:07.995178 ike 0:Azure:31: gw validation OK 2023-11-28 15:52:07.995413 ike 0:Azure:31: auth verify done 2023-11-28 15:52:07.995628 ike 0:Azure:31: responder AUTH continuation 2023-11-28 15:52:07.995634 ike 0:Azure:31: authentication succeeded 2023-11-28 15:52:07.995874 ike 0:Azure:31: mode-cfg type 7 request 16:'46435438303030353332303235303330' 2023-11-28 15:52:07.996080 ike 0:Azure:31: mode-cfg received APPLICATION_VERSION 'FCT8000532025030' 2023-11-28 15:52:07.996086 ike 0:Azure:31: mode-cfg type 1 request 0:'' 2023-11-28 15:52:07.996312 ike 0:Azure: mode-cfg allocate 192.168.1.1/0.0.0.0 2023-11-28 15:52:07.996319 ike 0:Azure:31: mode-cfg using allocated IPv4 192.168.1.1 2023-11-28 15:52:07.996535 ike 0:Azure:31: mode-cfg type 2 request 0:'' 2023-11-28 15:52:07.996540 ike 0:Azure:31: mode-cfg type 3 request 0:'' 2023-11-28 15:52:07.996763 ike 0:Azure:31: mode-cfg type 4 request 0:'' 2023-11-28 15:52:07.996769 ike 0:Azure:31: mode-cfg WINS ignored, no WINS servers configured 2023-11-28 15:52:07.996989 ike 0:Azure:31: mode-cfg type 13 request 0:'' 2023-11-28 15:52:07.996995 ike 0:Azure:31: mode-cfg type 28673 request 0:'' 2023-11-28 15:52:07.997215 ike 0:Azure:31: mode-cfg UNITY type 28673 requested 2023-11-28 15:52:07.997446 ike 0:Azure:31: mode-cfg type 21514 request 0:'' 2023-11-28 15:52:07.997451 ike 0:Azure:31: 
mode-cfg type 21514 requested 2023-11-28 15:52:07.997455 ike 0:Azure:31: mode-cfg type 21515 request 0:'' 2023-11-28 15:52:07.997460 ike 0:Azure:31: mode-cfg type 21515 requested 2023-11-28 15:52:07.997464 ike 0:Azure:31: mode-cfg type 28672 request 0:'' 2023-11-28 15:52:07.997468 ike 0:Azure:31: mode-cfg UNITY type 28672 requested 2023-11-28 15:52:07.997472 ike 0:Azure:31: mode-cfg no banner configured, ignoring 2023-11-28 15:52:07.997476 ike 0:Azure:31: mode-cfg type 25 request 0:'' 2023-11-28 15:52:07.997483 ike 0:Azure:31: responder preparing AUTH msg 2023-11-28 15:52:07.997489 ike 0:Azure: IPv6 pool is not configured 2023-11-28 15:52:07.997494 ike 0:Azure: adding new dynamic tunnel for 172.19.200.185:500 2023-11-28 15:52:07.997513 ike 0:Azure_0: tunnel created tun_id 192.168.1.1/::10.0.0.11 remote_location 0.0.0.0 2023-11-28 15:52:07.997592 ike 0:Azure_0: added new dynamic tunnel for 172.19.200.185:500 2023-11-28 15:52:07.997598 ike 0:Azure_0:31: established IKE SA d9ae37737ffaa01f/e0e51ae3ed77f208 2023-11-28 15:52:07.997606 ike 0:Azure_0:31: check peer route: if_addr4_rcvd=0, if_addr6_rcvd=0, mode_cfg=1 2023-11-28 15:52:07.997614 ike 0:Azure_0:31: processing INITIAL-CONTACT 2023-11-28 15:52:07.997617 ike 0:Azure_0: flushing 2023-11-28 15:52:07.997635 ike 0:Azure_0: flushed 2023-11-28 15:52:07.997638 ike 0:Azure_0:31: processed INITIAL-CONTACT 2023-11-28 15:52:07.997655 ike 0:Azure_0:31: mode-cfg assigned (1) IPv4 address 192.168.1.1 2023-11-28 15:52:07.997658 ike 0:Azure_0:31: mode-cfg assigned (2) IPv4 netmask 255.255.255.255 2023-11-28 15:52:07.997662 ike 0:Azure_0:31: mode-cfg send (13) 0:192.168.150.0/255.255.255.0:0 2023-11-28 15:52:07.997664 ike 0:Azure_0:31: mode-cfg send (3) IPv4 DNS(1) 96.45.45.45 2023-11-28 15:52:07.997667 ike 0:Azure_0:31: mode-cfg send (3) IPv4 DNS(2) 96.45.46.46 2023-11-28 15:52:07.997669 ike 0:Azure_0:31: mode-cfg send APPLICATION_VERSION 'FortiGate-VM64-HV v7.2.5,build8347,230829 (GA)' 2023-11-28 15:52:07.997671 ike 
0:Azure_0:31: mode-cfg send (28673) UNITY_SAVE_PASSWD 2023-11-28 15:52:07.997674 ike 0:Azure_0:31: mode-cfg send (21514) FNT_AUTO_NEGOTIATE 2023-11-28 15:52:07.997676 ike 0:Azure_0:31: mode-cfg send (21515) FNT_KEEP_ALIVE 2023-11-28 15:52:07.997678 ike 0:Azure_0:31: add INTERFACE-ADDR4 169.254.1.1 2023-11-28 15:52:07.997685 ike 0:Azure_0:31: enc 2700000C01000000AC13C8712F00002802000000032B2600E754DD686A012B0F6F15B5AACF188C6E360430E082BCDFDA0C720EC129000078020000 0000010004C0A8010100020004FFFFFFFF000D0008C0A89600FFFFFF0000030004602D2D2D00030004602D2E2E0007002E466F727469476174652D564D36342D48562076372E322E352C6275696C64383334372 C3233303832392028474129700100020001540A00020001540B000200010000000C0000F0F9A9FE01010706050403020107 2023-11-28 15:52:07.997699 ike 0:Azure_0:31: out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ike 0:Azure_0:31: sent IKE msg (AUTH_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=256, vrf=0, id=d9ae37737ffaa01f/e0e51ae3ed77f208 :00000001 2023-11-28 15:52:08.110149 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0.... 
2023-11-28 15:52:08.110199 ike 0: IKEv2 exchange=INFORMATIONAL id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000002 len=2240 2023-11-28 15:52:08.110432 ike 0: in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ike 0:Azure_0:31: dec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ike 0:Azure_0:31: received informational request 2023-11-28 15:52:08.110925 ike 0:Azure_0:31: processing notify type AZURE_AD_TOKEN 2023-11-28 15:52:08.110948 ike 0:Azure_0:31: received Azure AD token (len=2167) 2023-11-28 15:52:08.110949 ike 0:Azure_0:31: initiating Azure AD token authentication 2023-11-28 15:52:08.110951 ike 0:Azure_0: Azure AD token (len=2167) 2023-11-28 15:52:08.110953 ike 0:Azure: auth group msgraphgrp 2023-11-28 15:52:08.111007 ike 0:Azure_0: Azure AD auth 1975011919 pending 2023-11-28 15:52:08.111012 ike 0:Azure_0:31: enc 0F0E0D0C0B0A0908070605040302010F 2023-11-28 15:52:08.111021 ike 0:Azure_0:31: out D9AE37737FFAA01FE0E51AE3ED77F2082E202520000000020000005000000034ABDA11BFF7F1B3E0DE37C51CC74D97E9E750351C4C59506A84CEC1 E9D726613718F6C5928D05641F3BA20B17F06A0E39 2023-11-28 15:52:08.111037 ike 0:Azure_0:31: sent IKE msg (INFORMATIONAL_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=80, vrf=0, id=d9ae37737ffaa01f/e0e51ae3 ed77f208:00000002 2023-11-28 15:52:08.506195 ike 0:Azure_0:31: Azure AD auth 1975011919 result FNBAM_SUCCESS 2023-11-28 15:52:08.507752 ike 0:Azure_0: FNBAM_SUCCESS 2023-11-28 15:52:08.508794 ike 0:Azure_0: Azure AD auth succeeded (msgraphgrp) 2023-11-28 15:52:08.510216 ike 0:Azure_0:31: send AD_AUTH_SUCCESS 2023-11-28 15:52:08.511426 ike 0:Azure_0:15: sending NOTIFY msg 2023-11-28 15:52:08.512857 ike 0:Azure_0:31:15: send informational 2023-11-28 15:52:08.514534 ike 0:Azure_0:31: enc 000000080000F1080706050403020107 2023-11-28 15:52:08.516395 ike 0:Azure_0:31: out D9AE37737FFAA01FE0E51AE3ED77F2082E20250000000000000000502900003413256E2704001DC9F80EBD2A735175246557478164D30E355013BC 69A0BDED148E2E2A603EF6D28DD13A932FAF61EC74 2023-11-28 
15:52:08.519714 ike 0:Azure_0:31: sent IKE msg (INFORMATIONAL): 172.19.200.113:500->172.19.200.185:500, len=80, vrf=0, id=d9ae37737ffaa01f/e0e51ae3ed77f208 2023-11-28 15:52:08.522490 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0.... 2023-11-28 15:52:08.524446 ike 0: IKEv2 exchange=INFORMATIONAL_RESPONSE id=d9ae37737ffaa01f/e0e51ae3ed77f208 len=80 2023-11-28 15:52:08.526370 ike 0: in D9AE37737FFAA01FE0E51AE3ED77F2082E202528000000000000005000000034925EA6E305C033FBF32AEB5403FF3390A6AA68943E6E95FFD42F9A9DB5F2211EA2 E5030A8DCDCC68A0D952C49B7C104C 2023-11-28 15:52:08.529516 ike 0:Azure_0:31: dec D9AE37737FFAA01FE0E51AE3ED77F2082E202528000000000000002000000004 2023-11-28 15:52:08.531826 ike 0:Azure_0:31: received informational response 2023-11-28 15:52:08.533168 ike 0:Azure_0:15: received NOTIFY acknowledgement 2023-11-28 15:52:08.534569 ike 0:Azure_0:31:15: processing informational acknowledgement 2023-11-28 15:52:09.446751 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0.... 
    2023-11-28 15:52:09.448432 ike 0: IKEv2 exchange=CREATE_CHILD id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000003 len=448
    2023-11-28 15:52:09.450319 ike 0: in
    ike 0:Azure_0:31: dec D9AE37737FFAA01FE0E51AE3ED77F2082E202408000000030000019021000004280000640200003001030404B6309E870300000C0100000C800E00800300000803000002030000080400000500000008050000000000003002030404B6309E870300000C0100000C800E0100030000080300000C0300000804000005000000080500000022000014B152C3DB9D7C4DCB76B245B1B1E537752C0000C80005000013FC512EBBD59D5EE5926D399D13FE2811F9D965F6489E6727340F15F2588D0B37347D70C4DB2A056AEDE07A0B83D0BC6C124CFBEFD8B8EC28E3BE927E3ADDCB58556010430E13A03A123A11C1A1F5F603093844ED7CA9CA65C97BF77689456F933584C0D706024321EB1BA2DEAB6C7CDBF9D8C6B3CAEF02B8D98F10B8EF0B7F975EB3F922360B21B419E71D91DC8A86BF7361500BEFD67B0AB19F0F89423D8E9229B2A71FD283FEAC4845F4DB2092A48ECECCD84C12CA552C234A2B6614FAF02D00001801000000070000100000FFFF00000000FFFFFFFF0000001801000000070000100000FFFF00000000FFFFFFFF
    2023-11-28 15:52:09.476082 ike 0:Azure_0:31: received create-child request
    2023-11-28 15:52:09.477573 ike 0:Azure_0:31: responder received CREATE_CHILD exchange
    2023-11-28 15:52:09.479026 ike 0:Azure_0:31: responder creating new child
    2023-11-28 15:52:09.480311 ike 0:Azure_0:31:16: peer proposal:
    2023-11-28 15:52:09.481643 ike 0:Azure_0:31:16: TSi_0 0:0.0.0.0-255.255.255.255:0
    2023-11-28 15:52:09.483041 ike 0:Azure_0:31:16: TSr_0 0:0.0.0.0-255.255.255.255:0
    2023-11-28 15:52:09.484917 ike 0:Azure_0:31:Azure:16: comparing selectors
    2023-11-28 15:52:09.486431 ike 0:Azure_0:31:Azure:16: matched by rfc-rule-2
    2023-11-28 15:52:09.488240 ike 0:Azure_0:31:Azure:16: phase2 matched by subset
    2023-11-28 15:52:09.489819 ike 0:Azure_0:31:Azure:16: using mode-cfg override 0:192.168.1.1-192.168.1.1:0
    2023-11-28 15:52:09.493018 ike 0:Azure_0:31:Azure:16: accepted proposal:
    2023-11-28 15:52:09.494773 ike 0:Azure_0:31:Azure:16: TSi_0 0:192.168.1.1-192.168.1.1:0
    2023-11-28 15:52:09.496728 ike 0:Azure_0:31:Azure:16: TSr_0 0:0.0.0.0-255.255.255.255:0
    2023-11-28 15:52:09.498785 ike 0:Azure_0:31:Azure:16: dialup
    2023-11-28 15:52:09.500228 ike 0:Azure_0:31:Azure:16: incoming child SA proposal:
    2023-11-28 15:52:09.502191 ike 0:Azure_0:31:Azure:16: proposal id = 1:
    2023-11-28 15:52:09.504280 ike 0:Azure_0:31:Azure:16: protocol = ESP:
    2023-11-28 15:52:09.506390 ike 0:Azure_0:31:Azure:16: encapsulation = TUNNEL
    2023-11-28 15:52:09.508479 ike 0:Azure_0:31:Azure:16: type=ENCR, val=AES_CBC (key_len = 128)
    2023-11-28 15:52:09.510929 ike 0:Azure_0:31:Azure:16: type=INTEGR, val=SHA
    2023-11-28 15:52:09.513041 ike 0:Azure_0:31:Azure:16: type=DH_GROUP, val=MODP1536
    2023-11-28 15:52:09.514921 ike 0:Azure_0:31:Azure:16: type=ESN, val=NO
    2023-11-28 15:52:09.517047 ike 0:Azure_0:31:Azure:16: matched proposal id 1
    2023-11-28 15:52:09.518363 ike 0:Azure_0:31:Azure:16: proposal id = 1:
    2023-11-28 15:52:09.519673 ike 0:Azure_0:31:Azure:16: protocol = ESP:
    2023-11-28 15:52:09.521199 ike 0:Azure_0:31:Azure:16: encapsulation = TUNNEL
    2023-11-28 15:52:09.522991 ike 0:Azure_0:31:Azure:16: type=ENCR, val=AES_CBC (key_len = 128)
    2023-11-28 15:52:09.524846 ike 0:Azure_0:31:Azure:16: type=INTEGR, val=SHA
    2023-11-28 15:52:09.526296 ike 0:Azure_0:31:Azure:16: type=DH_GROUP, val=MODP1536
    2023-11-28 15:52:09.527909 ike 0:Azure_0:31:Azure:16: type=ESN, val=NO
    2023-11-28 15:52:09.529345 ike 0:Azure_0:31:Azure:16: lifetime=43200
    2023-11-28 15:52:09.531065 ike 0:Azure_0:31:Azure:16: PFS enabled, group=5
    2023-11-28 15:52:09.532636 ike 0:Azure_0:31:Azure:16: generate DH public value request queued
    2023-11-28 15:52:09.535270 ike 0:Azure_0:31:Azure:16: compute DH shared secret request queued
    2023-11-28 15:52:09.538204 ike 0:Azure_0:31:Azure:16: replay protection enabled
    2023-11-28 15:52:09.540564 ike 0:Azure_0:31:Azure:16: set sa life soft seconds=43185.
    2023-11-28 15:52:09.543517 ike 0:Azure_0:31:Azure:16: set sa life hard seconds=43200.
    2023-11-28 15:52:09.545940 ike 0:Azure_0:31:Azure:16: IPsec SA selectors #src=1 #dst=1
    2023-11-28 15:52:09.548329 ike 0:Azure_0:31:Azure:16: src 0 7 0:0.0.0.0-255.255.255.255:0
    2023-11-28 15:52:09.549967 ike 0:Azure_0:31:Azure:16: dst 0 7 0:192.168.1.1-192.168.1.1:0
    2023-11-28 15:52:09.551724 ike 0:Azure_0:31:Azure:16: add dynamic IPsec SA selectors
    2023-11-28 15:52:09.553656 ike 0:Azure_0:31:Azure:16: added dynamic IPsec SA proxyids, new serial 1
    2023-11-28 15:52:09.555661 ike 0:Azure:16: add route 192.168.1.1/255.255.255.255 gw 192.168.1.1 oif Azure(17) metric 15 priority 1
    2023-11-28 15:52:09.558385 ike 0:Azure_0:31:Azure:16: tunnel 1 of VDOM limit 0/0
    2023-11-28 15:52:09.559849 ike 0:Azure_0:31:Azure:16: add IPsec SA: SPIs=089ed054/b6309e87
    2023-11-28 15:52:09.559855 ike 0:Azure_0:31:Azure:16: IPsec SA dec spi 089ed054 key 16:7266651ABA6DF54EA23C5F16ACA4323A auth 20:E5DE2B49D803AD657613D5E7A217019449E172ED
    2023-11-28 15:52:09.559859 ike 0:Azure_0:31:Azure:16: IPsec SA enc spi b6309e87 key 16:E5FC462D5B45E3D2D2CDBE80354F766A auth 20:B4FD4EC142626C58359AAC6278370986E4B9C4F8
    2023-11-28 15:52:09.559883 ike 0:Azure_0:31:Azure:16: added IPsec SA: SPIs=089ed054/b6309e87
    2023-11-28 15:52:09.560126 ike 0:Azure_0: tunnel up event assigned address 192.168.1.1
    2023-11-28 15:52:09.560352 ike 0:Azure_0:31:Azure:16: sending SNMP tunnel UP trap
    2023-11-28 15:52:09.560772 ike 0:Azure_0: sent tunnel-up message to EMS: (fct-uid=CFC62AA23F344235B5D8A61855E7FF6D, intf=Azure_0, addr=192.168.1.1, vdom=root)
    2023-11-28 15:52:09.561092 ike 0:Azure_0:31:Azure:16: responder preparing CREATE_CHILD message
    2023-11-28 15:52:09.561320 ike 0:Azure_0:31: enc 280000340000003001030404089ED0540300000C0100000C800E00800300000803000002030000080400000500000008050000002200001480626D7A23F5008349B6CC4289825B292C0000C800050000C26CB6DC83F23198EFB6B595A44AD7A2D4506D048F7E3BA27ED14CB47FF12B2C20ED2F7C59022E698A8EEB22AC1269DE785F4E4D674261E2268E6D5219EA8DBCD598D59CE007D831420E3654A93ED0733AA1AC51B2908611CA39D64B17ABA6E3EFC338A700480CC5CB65549BDA2B527FDAC9B68A4CAFBFE90ACEE70333451F31BA79FFA53B7028879E38682E2A2E74E692D603B41ACA394E5EAEBEDAD923ADF8DF6E5B60C19A17860A9F72079F2A9B162244DA2ED48931DA94505F8A9784C6AE2D00001801000000070000100000FFFFC0A80101C0A801010000001801000000070000100000FFFF00000000FFFFFFFF0F0E0D0C0B0A0908070605040302010F
    2023-11-28 15:52:09.561585 ike 0:Azure_0:31: out
    ike 0:Azure_0:31: sent IKE msg (CREATE_CHILD_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=400, vrf=0, id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000003
    2023-11-28 15:52:13.239889 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0....
    2023-11-28 15:52:13.239970 ike 0: IKEv2 exchange=INFORMATIONAL id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000004 len=80
    2023-11-28 15:52:13.239976 ike 0: in D9AE37737FFAA01FE0E51AE3ED77F2082E202508000000040000005000000034BFA2DC51F014978F5F695462630406B37D7311206880F4BA747BA1E786092E7F6F34C63B6D3B48A8E6531AABAA72FE55
    2023-11-28 15:52:13.240004 ike 0:Azure_0:31: dec D9AE37737FFAA01FE0E51AE3ED77F2082E202508000000040000002000000004
    2023-11-28 15:52:13.240222 ike 0:Azure_0:31: received informational request
    2023-11-28 15:52:13.240230 ike 0:Azure_0:31: enc 0F0E0D0C0B0A0908070605040302010F
    2023-11-28 15:52:13.240443 ike 0:Azure_0:31: out D9AE37737FFAA01FE0E51AE3ED77F2082E2025200000000400000050000000349815B795B19825052A1CEB3BFBDF0890035F90BFBAB8D3DC8B2D243C0F347C253853573C4692A2FAB41271E0935FD0BE
    2023-11-28 15:52:13.240670 ike 0:Azure_0:31: sent IKE msg (INFORMATIONAL_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=80, vrf=0, id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000004
    2023-11-28 15:52:17.875738 ike shrank heap by 344064 bytes
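
Added example (not part of the Fortinet guide): a Python check that walks the IKE debug output for the Entra ID autoconnect milestones in order, pulls out the endpoint details the guide mentions, and masks SA keying material before the log is shared. The sample log is an excerpt of the guide's output with a constructed key line; all function and variable names are hypothetical.

```python
import re

# Milestones of the Entra ID autoconnect exchange, in the order they appear
# in the guide's IKE debug output. The message strings are copied from it.
MILESTONES = [
    ("autoconnect_notify", re.compile(r"received notify type AZURE_AD_AUTOCONNECT")),
    ("token_received", re.compile(r"received Azure AD token \(len=(\d+)\)")),
    ("auth_result", re.compile(r"Azure AD auth \d+ result (\w+)")),
    ("group_matched", re.compile(r"Azure AD auth succeeded \((\S+?)\)")),
    ("tunnel_up", re.compile(r"tunnel up event assigned address (\S+)")),
]
FCT_DATA = re.compile(r"received FCT data len = \d+, data = '([^']*)'")
# KEY=value pairs; a value runs until the next KEY= (OSVER contains spaces).
FCT_FIELD = re.compile(r"([A-Z_]+)=(.*?)(?=\s+[A-Z_]+=|\s*$)")
# IKE SA (SK_xx) and IPsec SA (key/auth) secrets printed by the debug output.
SECRET = re.compile(r"\b((?:key|auth|SK_[a-z]{2}) \d+:)[0-9A-Fa-f]+")

# Excerpt of the guide's output; the "IPsec SA" key values are constructed.
SAMPLE_LOG = """\
2023-11-28 15:52:07.878763 ike 0:d9ae37737ffaa01f/0000000000000000:31: received notify type AZURE_AD_AUTOCONNECT
2023-11-28 15:52:07.994277 ike 0:Azure:31: received FCT data len = 249, data = 'VER=1 FCTVER=7.2.3.0918 UID=CFC62AA23F344235B5D8A61855E7FF6D IP=172.19.200.185 MAC=00-15-5d-51-03-04; HOST=DESKTOP-0CDOF3V USER=MCarey OSVER=Microsoft Windows 10 Enterprise Edition, 64-bit (build 19045) REG_STATUS=0 EMSSN=FCTEMS123456 '
2023-11-28 15:52:07.994736 ike 0:Azure:31: EMS SN check passed
2023-11-28 15:52:08.110925 ike 0:Azure_0:31: processing notify type AZURE_AD_TOKEN
2023-11-28 15:52:08.110948 ike 0:Azure_0:31: received Azure AD token (len=2167)
2023-11-28 15:52:08.111007 ike 0:Azure_0: Azure AD auth 1975011919 pending
2023-11-28 15:52:08.506195 ike 0:Azure_0:31: Azure AD auth 1975011919 result FNBAM_SUCCESS
2023-11-28 15:52:08.508794 ike 0:Azure_0: Azure AD auth succeeded (msgraphgrp)
2023-11-28 15:52:09.559855 ike 0:Azure_0:31:Azure:16: IPsec SA dec spi 089ed054 key 16:00112233445566778899AABBCCDDEEFF auth 20:00112233445566778899AABBCCDDEEFF00112233
2023-11-28 15:52:09.560126 ike 0:Azure_0: tunnel up event assigned address 192.168.1.1
"""


def parse_fct_data(log_text):
    """Return the FortiClient telemetry fields (HOST, USER, EMSSN, ...) as a dict."""
    m = FCT_DATA.search(log_text)
    if not m:
        return {}
    return {k: v.rstrip(";") for k, v in FCT_FIELD.findall(m.group(1))}


def check_autoconnect(log_text):
    """Walk the milestones in order; stop at the first one that is absent."""
    reached, captured, pos = [], {}, 0
    for name, pattern in MILESTONES:
        m = pattern.search(log_text, pos)
        if not m:
            break
        reached.append(name)
        if m.groups():
            captured[name] = m.group(1)
        pos = m.end()
    missing = [name for name, _ in MILESTONES if name not in reached]
    return {
        "ok": not missing and captured.get("auth_result") == "FNBAM_SUCCESS",
        "reached": reached,
        "missing": missing,  # missing[0] is the stage where the flow stopped
        "group": captured.get("group_matched"),
        "assigned_ip": captured.get("tunnel_up"),
        "endpoint": parse_fct_data(log_text),
    }


def redact_keys(log_text):
    """Mask SK_* and IPsec SA key/auth values so the log can be attached to a ticket."""
    return SECRET.sub(r"\1<redacted>", log_text)


if __name__ == "__main__":
    result = check_autoconnect(SAMPLE_LOG)
    print("autoconnect ok:", result["ok"], "group:", result["group"])
    print("endpoint:", result["endpoint"].get("HOST"), result["endpoint"].get("EMSSN"))
    print(redact_keys(SAMPLE_LOG).splitlines()[-2])
```

When `ok` is false, the first entry of `missing` names the stage to investigate, for example `token_received` when the client advertised autoconnect but never sent a token.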

2023-11-28 15:52:09.496728 ike 0:Azure_0:31:Azure:16: TSr_0 0:0.0.0.0-255.255.255.255:0 2023-11-28 15:52:09.498785 ike 0:Azure_0:31:Azure:16: dialup 2023-11-28 15:52:09.500228 ike 0:Azure_0:31:Azure:16: incoming child SA proposal: 2023-11-28 15:52:09.502191 ike 0:Azure_0:31:Azure:16: proposal id = 1: 2023-11-28 15:52:09.504280 ike 0:Azure_0:31:Azure:16: protocol = ESP: 2023-11-28 15:52:09.506390 ike 0:Azure_0:31:Azure:16: encapsulation = TUNNEL 2023-11-28 15:52:09.508479 ike 0:Azure_0:31:Azure:16: type=ENCR, val=AES_CBC (key_len = 128) 2023-11-28 15:52:09.510929 ike 0:Azure_0:31:Azure:16: type=INTEGR, val=SHA 2023-11-28 15:52:09.513041 ike 0:Azure_0:31:Azure:16: type=DH_GROUP, val=MODP1536 2023-11-28 15:52:09.514921 ike 0:Azure_0:31:Azure:16: type=ESN, val=NO 2023-11-28 15:52:09.517047 ike 0:Azure_0:31:Azure:16: matched proposal id 1 2023-11-28 15:52:09.518363 ike 0:Azure_0:31:Azure:16: proposal id = 1: 2023-11-28 15:52:09.519673 ike 0:Azure_0:31:Azure:16: protocol = ESP: 2023-11-28 15:52:09.521199 ike 0:Azure_0:31:Azure:16: encapsulation = TUNNEL 2023-11-28 15:52:09.522991 ike 0:Azure_0:31:Azure:16: type=ENCR, val=AES_CBC (key_len = 128) 2023-11-28 15:52:09.524846 ike 0:Azure_0:31:Azure:16: type=INTEGR, val=SHA 2023-11-28 15:52:09.526296 ike 0:Azure_0:31:Azure:16: type=DH_GROUP, val=MODP1536 2023-11-28 15:52:09.527909 ike 0:Azure_0:31:Azure:16: type=ESN, val=NO 2023-11-28 15:52:09.529345 ike 0:Azure_0:31:Azure:16: lifetime=43200 2023-11-28 15:52:09.531065 ike 0:Azure_0:31:Azure:16: PFS enabled, group=5 2023-11-28 15:52:09.532636 ike 0:Azure_0:31:Azure:16: generate DH public value request queued 2023-11-28 15:52:09.535270 ike 0:Azure_0:31:Azure:16: compute DH shared secret request queued 2023-11-28 15:52:09.538204 ike 0:Azure_0:31:Azure:16: replay protection enabled 2023-11-28 15:52:09.540564 ike 0:Azure_0:31:Azure:16: set sa life soft seconds=43185. 2023-11-28 15:52:09.543517 ike 0:Azure_0:31:Azure:16: set sa life hard seconds=43200. 
2023-11-28 15:52:09.545940 ike 0:Azure_0:31:Azure:16: IPsec SA selectors #src=1 #dst=1 2023-11-28 15:52:09.548329 ike 0:Azure_0:31:Azure:16: src 0 7 0:0.0.0.0-255.255.255.255:0 2023-11-28 15:52:09.549967 ike 0:Azure_0:31:Azure:16: dst 0 7 0:192.168.1.1-192.168.1.1:0 2023-11-28 15:52:09.551724 ike 0:Azure_0:31:Azure:16: add dynamic IPsec SA selectors 2023-11-28 15:52:09.553656 ike 0:Azure_0:31:Azure:16: added dynamic IPsec SA proxyids, new serial 1 2023-11-28 15:52:09.555661 ike 0:Azure:16: add route 192.168.1.1/255.255.255.255 gw 192.168.1.1 oif Azure(17) metric 15 priority 1 2023-11-28 15:52:09.558385 ike 0:Azure_0:31:Azure:16: tunnel 1 of VDOM limit 0/0 2023-11-28 15:52:09.559849 ike 0:Azure_0:31:Azure:16: add IPsec SA: SPIs=089ed054/b6309e87 2023-11-28 15:52:09.559855 ike 0:Azure_0:31:Azure:16: IPsec SA dec spi 089ed054 key 16:7266651ABA6DF54EA23C5F16ACA4323A auth 20:E5DE2B49D803AD657613D5E7A217019449E172E D 2023-11-28 15:52:09.559859 ike 0:Azure_0:31:Azure:16: IPsec SA enc spi b6309e87 key 16:E5FC462D5B45E3D2D2CDBE80354F766A auth 20:B4FD4EC142626C58359AAC6278370986E4B9C4F 8 2023-11-28 15:52:09.559883 ike 0:Azure_0:31:Azure:16: added IPsec SA: SPIs=089ed054/b6309e87 2023-11-28 15:52:09.560126 ike 0:Azure_0: tunnel up event assigned address 192.168.1.1 2023-11-28 15:52:09.560352 ike 0:Azure_0:31:Azure:16: sending SNMP tunnel UP trap 2023-11-28 15:52:09.560772 ike 0:Azure_0: sent tunnel-up message to EMS: (fct-uid=CFC62AA23F344235B5D8A61855E7FF6D, intf=Azure_0, addr=192.168.1.1, vdom=root) 2023-11-28 15:52:09.561092 ike 0:Azure_0:31:Azure:16: responder preparing CREATE_CHILD message 2023-11-28 15:52:09.561320 ike 0:Azure_0:31: enc 280000340000003001030404089ED0540300000C0100000C800E00800300000803000002030000080400000500000008050000002200001480626D 7A23F5008349B6CC4289825B292C0000C800050000C26CB6DC83F23198EFB6B595A44AD7A2D4506D048F7E3BA27ED14CB47FF12B2C20ED2F7C59022E698A8EEB22AC1269DE785F4E4D674261E2268E6D5219EA8 
DBCD598D59CE007D831420E3654A93ED0733AA1AC51B2908611CA39D64B17ABA6E3EFC338A700480CC5CB65549BDA2B527FDAC9B68A4CAFBFE90ACEE70333451F31BA79FFA53B7028879E38682E2A2E74E692D6 03B41ACA394E5EAEBEDAD923ADF8DF6E5B60C19A17860A9F72079F2A9B162244DA2ED48931DA94505F8A9784C6AE2D00001801000000070000100000FFFFC0A80101C0A80101000000180100000007000010000 0FFFF00000000FFFFFFFF0F0E0D0C0B0A0908070605040302010F 2023-11-28 15:52:09.561585 ike 0:Azure_0:31: out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ike 0:Azure_0:31: sent IKE msg (CREATE_CHILD_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=400, vrf=0, id=d9ae37737ffaa01f/e0e51ae3 ed77f208:00000003 2023-11-28 15:52:13.239889 ike 0: comes 172.19.200.185:500->172.19.200.113:500,ifindex=3,vrf=0.... 2023-11-28 15:52:13.239970 ike 0: IKEv2 exchange=INFORMATIONAL id=d9ae37737ffaa01f/e0e51ae3ed77f208:00000004 len=80 2023-11-28 15:52:13.239976 ike 0: in D9AE37737FFAA01FE0E51AE3ED77F2082E202508000000040000005000000034BFA2DC51F014978F5F695462630406B37D7311206880F4BA747BA1E786092E7F6F 34C63B6D3B48A8E6531AABAA72FE55 2023-11-28 15:52:13.240004 ike 0:Azure_0:31: dec D9AE37737FFAA01FE0E51AE3ED77F2082E202508000000040000002000000004 2023-11-28 15:52:13.240222 ike 0:Azure_0:31: received informational request 2023-11-28 15:52:13.240230 ike 0:Azure_0:31: enc 0F0E0D0C0B0A0908070605040302010F 2023-11-28 15:52:13.240443 ike 0:Azure_0:31: out D9AE37737FFAA01FE0E51AE3ED77F2082E2025200000000400000050000000349815B795B19825052A1CEB3BFBDF0890035F90BFBAB8D3DC8B2D24 3C0F347C253853573C4692A2FAB41271E0935FD0BE 2023-11-28 15:52:13.240670 ike 0:Azure_0:31: sent IKE msg (INFORMATIONAL_RESPONSE): 172.19.200.113:500->172.19.200.185:500, len=80, vrf=0, id=d9ae37737ffaa01f/e0e51ae3 ed77f208:00000004 2023-11-28 15:52:17.875738 ike shrank heap by 344064 bytes
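
The order of events in this debug output (Azure AD token received, authentication result, group match, then tunnel up) can be checked mechanically when reviewing a captured IKE debug log. The Python script below is an added example, not Fortinet code; the function name `audit`, the verdict strings, and the embedded sample (entries copied from the output above, hex dumps left out) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: entries copied from the debug output above (hex dumps left out).
SAMPLE = """\
2023-11-28 15:52:08.110948 ike 0:Azure_0:31: received Azure AD token (len=2167)
2023-11-28 15:52:08.111007 ike 0:Azure_0: Azure AD auth 1975011919 pending
2023-11-28 15:52:08.506195 ike 0:Azure_0:31: Azure AD auth 1975011919 result FNBAM_SUCCESS
2023-11-28 15:52:08.508794 ike 0:Azure_0: Azure AD auth succeeded (msgraphgrp)
2023-11-28 15:52:09.560126 ike 0:Azure_0: tunnel up event assigned address 192.168.1.1
"""

# "<date> <time> ike <vdom>:<tunnel>[:<ids>]: <message>"
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) ike \d+:(\w+)\S*: (.*)$")
EVENTS = {
    "token": re.compile(r"received Azure AD token \(len=(\d+)\)"),
    "result": re.compile(r"Azure AD auth \d+ result (\w+)"),
    "group": re.compile(r"Azure AD auth succeeded \((\w+)\)"),
    "up": re.compile(r"tunnel up event assigned address (\S+)"),
}

def audit(log_text, expected_group):
    """Return {tunnel: state}; state['verdict'] is 'ok', 'up-without-auth' or 'no-tunnel'."""
    tunnels = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # entries without a timestamp or tunnel name
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        for name, rx in EVENTS.items():
            hit = rx.search(m.group(3))
            if not hit:
                continue
            state = tunnels.setdefault(m.group(2), {"verdict": "no-tunnel"})
            state[name], state[name + "_at"] = hit.group(1), when
            if name == "up":
                # Tunnel up counts as authenticated only after a successful
                # result and a match on the expected user group.
                authed = (state.get("result") == "FNBAM_SUCCESS"
                          and state.get("group") == expected_group
                          and state["result_at"] <= when)
                state["verdict"] = "ok" if authed else "up-without-auth"
    for state in tunnels.values():
        if "token_at" in state and "result_at" in state:
            # Time from token receipt to authentication result, in microseconds.
            state["auth_us"] = (state["result_at"] - state["token_at"]) // timedelta(microseconds=1)
    return tunnels

if __name__ == "__main__":
    for tunnel, state in audit(SAMPLE, "msgraphgrp").items():
        print(tunnel, state["verdict"], state.get("auth_us"))
```

Pass the group configured in `authusrgrp` as `expected_group`; a tunnel that comes up without a preceding `FNBAM_SUCCESS` result and group match is reported as `up-without-auth`.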