06-18-2009 05:51 PM
Hi experts, I found that my L2L setup, configured between a VPN concentrator and a PIX, disconnects every 7:36:32. I have searched on the Internet and found that some users already have the same problem but don't have a possible answer. Does any expert know what the reason for this is?
Concentrator log:
1301 06/17/2009 22:55:57.570 SEV=4 IKE/41 RPT=609 <peer ip address>
Group [<peer ip address>]
IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer <peer ip address>
local Proxy Address x.x.x.x, remote Proxy Address x.x.x.x,
SA (L2L: L2L_TEST)
1327 06/17/2009 22:56:29.570 SEV=4 IKEDBG/97 RPT=59 <peer ip address>
Group [<peer ip address>]
QM FSM error (P2 struct &0x1dc856a4, mess id 0x11ca1925)!
1328 06/17/2009 22:56:29.570 SEV=4 AUTH/23 RPT=42 <peer ip address>
User [<peer ip address>] Group [<peer ip address>] disconnected: duration: 7:36:32
1329 06/17/2009 22:56:29.570 SEV=4 AUTH/85 RPT=42
LAN-to-LAN tunnel to headend device <peer ip address> disconnected: duration: 7:36:32
- Is the problem related to Phase 2 rekeying? I have already set the Phase 2 key lifetime to 28800 (8 hours); if it is related to Phase 2 rekey, why does it disconnect every 7:36:32, not 8 hours?
- Also, is it related to the Phase 2 proposal not matching between the two devices?
Please help...
06-19-2009 06:08 AM
It could be P2 rekey. Make sure PFS is either disabled or enabled on both devices.
06-19-2009 09:15 AM
Hi Auraza, I've checked both devices and found PFS is disabled for them. Any other possible reason? Is it related to a Phase 2 SA proposal problem?
06-19-2009 09:22 AM
Not sure if it is related to SA proposal or what, but if you did initially connect, then it doesn't sound like a Phase 2 problem, but we'll have to see debugs to see what is going on.
General -> Events -> Classes:
enable IKE, IKEDBG, IPSEC, IPSECDBG to log for sev 1-9.
Once this happens again, copy the logs and post them here, with the time that it happened. That should give a better idea.
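An added example, not part of the original thread or of any Cisco tooling: a small Python script that groups the concentrator log lines from the first post into events, ties the "Rekeying Phase 2" entry to the "QM FSM error" and the disconnect that follow it, and reports where in the configured 28800-second lifetime the rekey started. The function names are hypothetical, and it assumes the reported tunnel duration counts from when the Phase 2 SA was created.

```python
import re
from datetime import datetime, timedelta

# Excerpt of the log in the first post; peer address kept as the post's placeholder.
SAMPLE_LOG = """\
1301 06/17/2009 22:55:57.570 SEV=4 IKE/41 RPT=609 <peer ip address>
Group [<peer ip address>]
IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer <peer ip address>
1327 06/17/2009 22:56:29.570 SEV=4 IKEDBG/97 RPT=59 <peer ip address>
Group [<peer ip address>]
QM FSM error (P2 struct &0x1dc856a4, mess id 0x11ca1925)!
1329 06/17/2009 22:56:29.570 SEV=4 AUTH/85 RPT=42
LAN-to-LAN tunnel to headend device <peer ip address> disconnected: duration: 7:36:32
"""

HEADER = re.compile(r"^\d+ (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) SEV=\d+ (\S+) RPT=\d+")
DURATION = re.compile(r"disconnected: duration: (\d+):(\d\d):(\d\d)")

def parse_events(text):
    """Group each header line with its continuation lines into one event."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            events.append({"time": ts, "cls": m.group(2), "body": ""})
        elif events:
            events[-1]["body"] += line.strip() + " "
    return events

def correlate(text, p2_lifetime_s):
    """Relate a Phase 2 rekey to the QM failure and tunnel drop that follow it."""
    rekey = failure = up_for = None
    for ev in parse_events(text):
        if "Rekeying Phase 2" in ev["body"]:
            rekey, failure = ev, None
        elif rekey and failure is None and "QM FSM error" in ev["body"]:
            failure = ev
        d = DURATION.search(ev["body"])
        if d and failure:
            h, m, s = map(int, d.groups())
            up_for = timedelta(hours=h, minutes=m, seconds=s)
    if not (rekey and failure and up_for):
        return None
    wait = failure["time"] - rekey["time"]
    # Assumption: the reported duration counts from when the Phase 2 SA was created.
    started = (up_for - wait).total_seconds()
    return {"rekey_to_failure_s": wait.total_seconds(), "rekey_started_at_s": started,
            "fraction_of_lifetime": started / p2_lifetime_s}
```

Calling `correlate(SAMPLE_LOG, 28800)` on the posted excerpt shows the rekey starting 27360 seconds into the tunnel (95% of the configured lifetime) and the QM error arriving 32 seconds later, which together account for the 7:36:32 duration.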