Delete ipsec phase 1 sa For interface-based IPsec, IPsec SA negotiation blocking can only be removed if the peer offers a wildcard selector. You can just delete it from the secondary unit. 4 & FortiNAC 9. Nominate to Knowledge Base. 106482 ike 0:P1_DWOW_Azure: connection expiring due to phase1 down . 21. 234811 ike 0: I'm trying to build IPsec tunnel between my Strongswan cloud instance to the Cisco CSR 1000V which is from ISP. The debugs don't really seem all that interesting, I'm afraid. Thank you again for the quick reply. Description of above events: 21:44:04: Phase-1 SA timed out. Lastly, these are just the consequences of the above not being a rekey but a fresh new SA_INIT: all existing phase1/2 SAs get scrapped. Je reçois Ph-1 à venir et je suis supprimé. In case the tunnel fails to be established, the FortiGate will show the following logs where it will start with success with 'logdesc="Negotiate IPsec phase 1' then when authentication fails it will show as Failure for the log 'logdesc="Progress IPsec phase 1'. IPsec VPN トンネルに関するいくつかの問題に直面しています。Cisco ISR4331 ルータと Cisco ASR1001-X の間に作成された VPN。 私はPh-1が近づいてきて削除されます。エラー "MM_NO_STATE - アクティブ (削除済み)" ASR1001-X ルータでデバッグを実行すると、以下のエラーが検出され、アタッチされているすべての Understanding VPN related logs. Sort by: Best. Lengthy testing and research uncovered that the main way this starts to happen is when both sides negotiate or renegotiate simultaneously. install_sa install IPsec SA. If the name is NOT specified, all tunnels will be 'flushed'. 4780 0 Kudos Reply. Kindly execute the following commands:-----exec ha manage 0/1 [username] <-- It will either be 0 or 1 depending on the HA cluster. After some time I get Old IPSEC SA delete SA from CSR and at same moment I get new Phase 2 delete SA as well. negotiate success negotiate IPsec phase2. Is that the only debugging you get about the remote endpoint? No I'm facing some issues with the IPsec VPN tunnel. 65. 为了解决这个问题,您需要检查防火墙和对端设备的 IKE 安全提议配置,确保它们的工作模式、加密算法、认证算法、预共享密钥等参数完全一致。 IPSec IKE Phase One Doesnt establish. 解決策. Reason: Roll back and delete P1 SA. Scope: FortiGate: Solution: In this example name of the phase2 selector of the IPSec tunnel is 'FGT_VPNIPSEC'. 170, VPN device configuration must match or contain the following algorithms and parameters that you specify on the Azure IPsec/IKE policy. 从 ISAKMP 报文中可以知道 ike 协商过程 From the Fortinet VPN event logs I see "IPsec phase 1 SA deleted. I can read in the logs event : 4 2012-03-07 10:39:59 notice ipsec 37134 delete_phase1_sa delete IPsec phase 1 SA 5 2012-03-07 10:39:56 notice ips Phase 2 (Each proxy ID) should be negotiated according to the key lifetime, so if in one side it's set to 5 minutes that's normal. Local ID: bluestarhz Local The deletion of the Phase 1 SA is part of the rekeying process. 0238. 1 Hi, I have a P2P VPN that sometimes goes down for 40-60 minutes once or twice a day. The IPsec phase 1 interface type cannot be changed after it is configured. interface. SA information: Role: initiator . erreur "MM_NO_STATE - ACTIVE (Deleted)" Lorsque j’exécute le débogage sur Hello I am facing packet drops whenever the phase 1 re-negotiates. According to the form given to me, I have to configure with the following factors in mind Phase 1 Authentication Method: PSK Encryption Scheme: IKEv1 DH Group: Group 2 Encryption Algorithm: AES-256 Hashing Algorithm: SHA1 Main or Aggressive: SA の ID は自動的に付与され、 show ipsec sa コマンドで確認することができる。 [適用モデル] vRX シリーズ, RTX5000, RTX3510, RTX3500, RTX1300, RTX1220, RTX1210, RTX830 negtotiate, success, prograss IPsec phase2. The tunnel came up initially, but then went down when it was attempting to rekey. msg peer does not do paranoid keepalives. In the logs I see a delete IPsec phase 1 SA followed by install IPsec SA 45 min later, which correlates with the outage. - 261563 This website uses Cookies. I'm trying to build IPsec tunnel between my Strongswan cloud instance to the Cisco CSR 1000V which is from ISP. ede_pfau. ScopeFortiNAC-F 7. The following image shows the Phase 2 Selector configuration from the FortiGate GUI. 193. 8. Using IKE2. Open comment sort Log says IPSec Phase 1 progess and in Detail negotiation success Also tried with a test user but no success. the issue is I can see encapsulated data but not able to decapsulate any data traffic. What does the delete & install IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . I click on " Bring up" and nothing happen. Check the output when both commands are used on v7. Debug on Cisco: 000087: *Aug 17 17:04:36. I configured the tunnel using the IPsec wizard but I cannot connect using the FortiClient VPN software. Phase 1. Other users also viewed: Actions. · 清除本地的IPsec SA时,如果相应的IKE SA还存在,将在此IKE SA的保护下,向对端发送删除消息,通知对方清除相应的IPsec SA。. When i configure a second subnet in strongswan it will work for some time and then disconnect. In that period the traffic times out until the P1 starts again after IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . Everything in the tunnel settings match but I'm getting an error when they are connecting. When updating phase-2 keys, this device, for some unknown reason, sends a message about deleting a new SA instead of a message about creating a new SA Hey all, Right now im trying to establish a site to site IPsec between a Cisco 2900 Router and a FortiGate 40F Firewall. 1 is out Hi tungnx59, The deletion of the Phase 1 SA is part of the rekeying process. VPN created between Cisco ISR4331 router and Cisco ASR1001-X. IPsec phase1 negotiating logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11. On my 110C (v4. the tunnel is UP but I can't ping my remote PC behind CISCO ASA. 101. VPN créé entre le routeur Cisco ISR4331 et Cisco ASR1001-X. In my ipsec, lifetime for phase 1 is 86400 and in phase 2 lifetime is 28800. 5. Alternatively 7. Trier par : IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . logid=”0101037127″ type=”event” subtype=”vpn” level=”notice” vd=”root” eventtime=1544132571 logdesc=”Progress IPsec phase 1″ msg=”progress IPsec phase 1″ action=”negotiate” remip=11. Log says phase 2 sa deleted. At the end of the logs, it shows that the IPsec Phase 1 SA is deleted. SHOW: BVA-SH# show crypto isakmp sa Active SA:1 Rekey SA:0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA:1 1 IKE Peer:86. delete IPsec phase 1 SA Hi, I got a VPN tunneling between 2 fortigate. 0 09:34:53 - IKE-nego-p1-delete >> delete own phase 1 SA [ |Unexplained gap | I'm pretty sure that it was an issue with PFS, and the DH Group set on the Palo in the IPSEC Crypto profile did not match what was set on the ASA. Protocol ESP, Num of SPI: 1. x. Cheers, Eric @synomega. The tunnel itself doesn't go down, but no traffic is passing. Replace 'my-phase1-name' with the name of the Phase1 part of the VPN tunnel. 137. 1 IKE SA硬超时到期,将删除IKE SA;如果IPSec SA已经建立,将同时删除IPSec SA。IPSec SA硬超时到期将同时删除IKE SA和IPSec SA。 另外,若开启了IKE SA Keepalive或DPD功能,Keepalive超时或DPD超时也会删除IKE SA和IPSec SA。 Hi @dingjerry_FTNT,. Hi Most likely, in your case, the problem comes from the Fortigate device. If both peers initiate, reauthenticate, or rekey phase 1 at the same バージョン FortiGate for VMware FortiOS v7. 2023/06/17 14:38:23 negotiate success progress IPsec phase 1 2023/06/17 14:38:53 delete_phase1_sa delete IPsec phase 1 SA Understanding VPN related logs. Résolu : Je rencontre des problèmes avec le tunnel VPN IPsec. delete_ipsec_sa delete IPsec phase 2 SA . 138 Type :L2L Role :responder Rekey :no State :AM_ACTIVE BVA-SH# show crypto ipse BVA-SH# show crypto ipsec sa There are no ipsec sas BVA-SH# 这个错误的信息是不是说明我在第二阶段生 I have had a IPSEC connection setup between two firewalls. 202 12/02/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 58 23:50:42. edit "Phase1-Name" set type static set interface "port1" set ip-version 4 set ike-version 1 set local-gw x. A racoonctl command is available to delete an SA, but you should only use it when instructed by F5 Support. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. 3. so CSR deletes both old and new IPSEC Phase 2 SA together. This document provides some IPsec log samples: IPsec phase1 negotiating. But this phase2 remains visible under " VPN/Monitor IPsec" . Our remote ipsec peer is Cisco ASA. In certain cases an IPsec tunnel may show what appear to be duplicate IKE (phase 1) or Child (phase 2) security association (SA) entries. 098704 ike 0:P1_DWOW_Azure:2420: negotiation timeout, deleting 2024-02-06 12:10:46. 94:500 negotiating 2024-02-06 12:10:46. 253. 234794 ike 0:IPSECTUNNEL:4119:15634: send informational 2025-02-05 IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . There are two phases, "Phase 1" and "Phase 2" for each IPSEC connection. The log message confirms that the VPN tunnel’s existing SA has been removed to allow a new SA You can display and delete IPsec SAs, called "phase 2" in the same way as you can IKEv2 SAs; however, the BIG-IP IKEv1 implementation provides no safe method to I also deactivated geoblocking and changed from IKE Aggressive mode to Main mode but nothing changed. x, remote:20. seem like UDP 500 dropped in the path unidirectionnaly from this router to the remote peer. I had an existing tunnel, but unfortunately it broke for some reason both side it's fortigate one side its VM and other side (my side) it's Hardware. Ignat 1 Reputation point. IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . 1 remport=500 locport=500 IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . Nominate a Forum Post for Knowledge Article Creation. Phase1. 2, 7. SuperUser Created on 12-02-2011 VPN tunnel gets reset for one of my peer IP with a reason IKE delete. I recently configured ipsec with strongswan from my vps to my fortigate. 732: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM If phase-1 SA is down you would not see the peer IP and the Established status. Phase 1 Protocol: IKEv2; Phase 1 Proposals: [PSK][DH20][AES256][SHA256]28800-sec; Phase 2 Proposals: ESP tunnel [DH20][AES256][SHA256] 3600-sec 0-kb; Cause. Note that the Phase 1 timer is expressed in minutes on the Check Point and the Phase 2 timer is expressed in seconds, while most other vendors express 华三F1000-905-AI 与深信服防火墙建立IPSEC VPN,提示如下错误信息,请问题如何解决: %Jul 8 01:26:38:268 2022 F1000 IKE/6/IKE_P1_SA_TERMINATE: The IKE phase 1 SA was deleted. Everything up to the points in the logs show negotiate success. You can display and delete IPsec SAs, called "phase 2" in the same way as you can IKEv2 SAs; however, the BIG-IP IKEv1 implementation provides no safe method to manually delete ISAKMP SAs. I've enabled debugging (level 127) and this is what i see: Fastest way to find out is to make a backup from your fortigate and search the config file for the P1 name. This is due to the tunnel ID parameter (tun_id), which is used to match routes to IPsec tunnels to forward traffic. Log: date=2025-01-09 time=20:39:57 eventtime=1736451597809526604 tz="+0100" logid="0101037134" type="event" subtype="vpn" level="notice" vd="root" logdesc="IPsec phase 1 SA deleted" msg="delete IPsec phase 1 SA" action="delete_phase1_sa" . Hi, I got a VPN tunneling between 2 fortigate. Im using version 7. Phase 1 tunnel failing/IKE_SA being deleted from my side. Fortigate Firewall Phase-1 negotiation timeout, deleting Hello All, We IPsec SA connect 45 81. The FortiGate GUI shows that the Tunnel is UP, but on the Cisco it's still not working. 126. Related Topics Fortinet Public company Business Business, Economics, and If Phase 1 is completely succeeding but is immediately followed by a "Delete SA" notification, check the Phase 1 and Phase 2 SA Lifetime timers and make sure they match exactly on both sides. x set keylife 86400 spi count 1 ike 0:Phase1Name:3821: deleting IPsec SA with SPI a5fd1355 ike 0:Phase2Name: deleted IPsec SA with SPI a5fd1355, SA count: 0 ike 0:Phase1Name: sending SNMP tunnel DOWN trap for Solved: What can be reason for this message ( description contains 'Deleting a possible stale phase-1 SA. When I look at the VPN Event logs on the 200F I see these two log events. How do I need to proceed to get rid of the phase1-interface? I tried in the CLI with " config vpn ipsec phase-1interface" then " delete VPNNAME" but I got told that the phase1-interface was being used. FortiClient側のVPN詳細設定にて、フェーズ1およびフェーズ2のIKEプロポーザルを AESxxx から DES に変更すると、VPN通信が確立で Additional Info: Log always says Phase 1 Negotiation successful but one minute later it says SA_delete Share Add a Comment. Configurations are the same in both side, but our ipsec connections lasts only 30 minutes (1800 seconds). According to the form given to me, IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . The log message confirms that the VPN tunnel’s existing SA has been removed to allow a new SA to be negotiated. What Device- ASA5545x software version 9. looking into your configuration and your debug I noted we only see the "MM_SA_SETUP" which means "The peers have agreed on parameters for the ISAKMP SA. Local IP: 100. 234794 ike 0:IPSECTUNNEL:4119:15634: send informational 2025-02-05 Hi Guys, Recently encountered an issue in where Phase 2 of IPsec somehow not functioning well. IPSec VPN deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer 10. We deleted the tunnels and created a new tunnel, phase 1 is success on my side but, there is no logs for phase 2. · 如果先清除IKE SA,那么再清除本地IPsec SA时,就无法通知对端清除 We are talking about IPsec VPN, right? You have to delete the VPN in this order: - policy/policies - phase2 - this is Thanks for your help it was an IE 9 problem i can see phase 2 inder phase 1 VPN and with google chrome i can view and delete phase 2 and 1. 145 . Feb 18 09:26:36. could IPSEc is policy based configuration: In both site A and site B vpn are configured with these paramenters: PHASE 1 MODE: main Encryption: AES128/MD5 - AES128/SHA1 - DES/MD5 Dh group: 2 Key life: 28800 seconds XAUTH: disabled Dead Peer Detection: Enabled PHASE 2 Encryption: AES128/MD5 - AES128/SHA1 Enable repaly detection: disabled Enable IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . 211. 2 VPN parameters-ikev2- AES256 SHA256 keep alive phase 1 - 86400 #sh crypto ipsec sa peer x. And 12 seconds later the message “delete IPsec phase 1 SA” is displayed. Find answers to Phase 1 SA deleted before Mode Config is completed cause by PEER_DELETE-IKE dst port 10000 56 23:50:42. Understanding VPN related logs. Delete IPsec SA what messages to look for when reviewing logs for FortiGate VPN IPSec integration with FortiNAC. Des idées? Partager Ajouter un commentaire. Select a minimum of one and a maximum of three combinations. 20. IPsec Phase 2 issue . Use ' diagnose vpn ike gateway clear name <my-phase1-name> ' instead. Definitely since the 4-5 other SA's of the same peer are running without problems. System logs showing Phase 2 and Phase 1 renegotiating. VPN was still working there is only 2 days and now this is down. The deletion of the Phase 1 SA is part of the rekeying process. This is the progress of the connection in phase 1 of IPsec: 2024/09/26 11:40:55 -> negotiate IPsec phase 1 -> XAuth authentication successful 2024/09/26 11:40:55 -> progress IPsec phase 1 -> OK 2024/09/26 11:40:55 -> progress IPsec phase 1 -> DONE . IKE encryption algorithm ; IKE integrity Was does the MM_NO_STATE usually mean when having errors bringing phase 1 up? IPv4 Crypto ISAKMP SA dst src state conn-id status IPSEC(sa_request): , (key eng. Print; Copy Link. But I Still get the same issue. This is a common practice in IPsec VPNs to refresh encryption keys or when SA lifetimes expire. At this point the IKE Gateway Status light will become red. The command 'diagnose vpn tunnel flush' might not flush the tunnel in some FortiOS versions. Hi SachinAhire9605 6. Hi i can say you what you can review: -check that the proposal (encryption, lifetime, dh group) for the IKE 2nd phase match each other and try to switch off any What’s terminating the other side of the VPNs? If the issue started after you upgraded to 7. 234794 ike 0:IPSECTUNNEL:4119:15634: send informational 2025-02-05 10:58:21. 0. 2016-06-09 08:37:38 ike 1:VPN-Azure: deleting IPsec SA with SPI 90acd1c8 2016-06-09 08:37:38 ike 1:VPN-Azure:VPN-Azure-MGMT: deleted IPsec SA with SPI 90acd1c8, Can you also post your phase 1 config? Yeah, i put those in because i've seen them on other topics/blogs about Fortigate/Azure vpn connections;. Local ID type: FQDN . For ikev2, the IKE Info details appear the same, when you click on IKE Info GUI: ikev2 CLI: Delete IKEv1 IPSec SA: Total 1 tunnels found. -R. 202 12/02/08 Sev=Info /4 IPSEC/0x63700014 Deleted all IKEv2 IPSec SA delete message received from peer. 您好,reset ike sa命令用来清除IKE SA。. You don't usually want to re-ley that often, if you're receiving delete messages the re-keys need to be troubleshooted in the side deleting the SA. Thanks. Why does the SA keep getting deleted after successfully being established? I think this could be the reason why the status is not going to "Up". Does anybody have an idea what could've happened? Additional Info: Log always It’s easiest to ask the other end of the link to supply you their config - it’s most likely a mismatch in the encryption domains. Any help will be appreciated. Solution In this article, the following debug outputs were enabled to generate verbose logging: Fortinet VPN, RemoteAccess, Syslog server, SSOManager & Pers [SA] : Tunnel [###_IPSEC_VPN_CONN] Phase 1 proposal mismatch. 需要注意的是: · 如果未指定任何参数,则表示清除所有IKE SA。. config vpn ipsec phase1-interface delete [phase 1 name] end---- To configure IPsec Phase 1 settings, Add or delete encryption and authentication algorithms as required. What actually happen is after every 8 hours Phase 1 is rekeyed fine. If the IPsec phase 1 interface type needs to be changed, a new interface must be configured. for phase 2, I have not configured DH and the tunnel is UP. Ok, so we have this prehistoric old ASA but that shouldn't be the reason for just 1 SA to be deleted and rebuild every 7 seconds or so. progression IPsec phase 1 supprimer IPsec phase 1 SA (encore une fois, un redémarrage du routeur corrige le problème immédiatement. Learn what the log message 'IPsec phase1 SA deleted' means and how it relates to the rekeying process of IPsec VPNs. It shows the log fields, data types, and values for this event Trying to setup an IPSec tunnel between a Fortinet 60e fw 6. x peer address: x. I can delete the "Phase 2" entry by clicking the trashcan icon (in the web interface), but there is not such icon for "Phase 1". Notice the Phase-1 renegotiations have not started right IPsec两种模式建立的过程,以及如果ike sa,或者ipsec sa没有起来,如何通过debugging来分析,急,谢谢 Ike profile 中没有匹配上对应终端的地址(这种情况也会同时提示 Failed to get IPsec policy for phase 2 responder. ) Nous utilisons une adresse IP statique des deux côtés. 42076 0 Kudos Reply. I'm getting Ph-1 coming up and get deleted. sorry for the late reply. 220. 0 you could try to roll back the firmware with the set-next-reboot command. 5 and a Zywall 110. I can read 2024/03/01 08:16:06 tunnel-stats Notice IPsec tunnel statistics Lockwood 2024/03/01 08:06:05 tunnel-stats Notice IPsec tunnel statistics Lockwood 2024/03/01 07:56:05 negotiate Notice progress IPsec phase 2 success Lockwood 2024/03/01 07:53:13 install_sa Notice install IPsec SA Lockwood 2024/03/01 07:53:13 phase2-up Notice IPsec phase 2 status change Lockwood IPsec VPN 主模式通常会有两个阶段,第一阶段为 ike 协商过程,建立 ike sa , ike sa 的建立为第二阶段 IPsec SA 的协商提供保护。 第一阶段 ike sa 建立,需要在两端设备上配置 ike proposal 、 ike keychain 和 ike profile ,并在接口上应用策略,两个阶段的协商过程如下:. Whenever this peer gets disconnect this always show reason IKE delete. 80. Now I want to remove the tunnel in my firewall, a "Fortigate 60". This section provides some IPsec log samples. The SA gets expired and deleted but it takes 20 minutes for it to start the P1 phase again. After that openswan/strongswan rekey Phase 2 and negotiate new Phase 2 with CSR. Remote port 4500 Log ID 37134. 234759 ike 0:IPSECTUNNEL:IPSECTUNNEL: deleted IPsec SA with SPI f9aab906, SA count: 1 2025-02-05 10:58:21. ike 0:IPSECTUNNEL:IPSECTUNNEL: deleted IPsec SA with SPI 02adeefa, SA count: 1 . 4. 311 MET: IKEv2-ERROR:Couldn't find matching SA: This article explains how to delete IPSec phase 2 selector from the CLI of the FortiGate if there is no option to delete it from GUI. please any advise?? In case you use Interface VPN: # diag sys checkused system. deleting IPsec SA with SPI 02adeefa. Is it possible to delete it ? Thanks. The article explains the scope, meaning, impact and action required for this message on FortiGate devices. config vpn ipsec phase1-interface delete [phase 1 name] end---- IPSEC phase 1 SA lifetime not honouring configured setting of 28800 hi . 1. 64. name <vpn-phase1-name> That should reveal all dependencies for that " interface" . Today I was playing with setting up route-based IPSec policies to one of our remote offices and decided to start completely over. If this repe Hello everybody. IKE SA delete called for p1 sa 3213912 (ref cnt 3) local:x. error This web page explains the meaning and format of the log message 37134, which indicates that an IPsec phase 1 SA was deleted. x Crypto map tag: outside IPSec 隧道建立失败的原因是 No acceptable transform,也就是说,防火墙和对端设备的 IKE 安全提议参数不一致,导致无法协商出合适的加密算法和认证算法。 1 2. 5 build0304 (GA) FortiClient 7. deleting IPsec SA with SPI f9aab906 2025-02-05 10:58:21. You' ll find the culprit soon. " however, we do not see anyother ISAKMP parameters. If the IPsec phase 1 interface type needs to be changed, a new interface must be configured. 12 as firmware btw. Cannot find compatible Diffie-Hellman group, info required to exchange matching shared secret keys. I need to remove an IPSec VPN I created, but I only managed to get the phase2-interface deleted. 1 locip=173. 155. Everyone happy till now. 202 12/02/08 Sev=Info/4 IPSEC/0x63700014 Deleted all keys 57 23:50:42. Disable rekey is checked by default when creating new ipsec phase 1. Reply reply I've got an interesting case where we have a VPN tunnel with one of our partners that works with a single phase 2 selectors but the moment we add additional selectors none (proto 3) ike 0:Partner VPN: deleting IPsec SA with SPI It was due to mismatch between parameters of phase 1. 69) I'm facing some issues with the IPsec VPN tunnel. 58->13. Recv IKE sa: SA([0] protocol = IKE (1), AES CBC key len = 256, HMAC-SHA1 PRF, HMAC-SHA1-96, 384 bit ECP, AES CBC key len configure terminal logging system-log category ike level all logging system-log category ipsec level all So, I deleted everything and ran the Quick Setup Wizard. Mar 25 21:19:42: ISAKMP: (0):retransmitting phase 1 MM_SA_SETUP Hi, After creating a VPN ipsec phase2 in order to make tests with our new vpn Fortigate, we have deleted it because it is not used under production' s environnment. They show a regular three-way Quick Mode negotiation for SA 14f3654c/ca307014, and in the middle there is an informational message informing to delete SA 14f36548, after it expired due to reaching it's time-based lifetime.
fwv qcydxh pbd bsnyk ktlhkv xmfeya hlygqf ihkfmxh gwfhah vkhe taza pjwxq rfaiekt hxhdij yeavw