VPN Concentrator disconnected every 7:36:32

Jun 18th, 2009

Hi experts, I found that my L2L setting, which is configured between a VPN Concentrator and a PIX, disconnects every 7:36:32. I have searched the Internet and found that some users already have the same problem but don't have a possible answer. Does any expert know the reason for this?

Concentrator log:

1301 06/17/2009 22:55:57.570 SEV=4 IKE/41 RPT=609 <peer ip address>
Group [<peer ip address>]
IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer <peer ip address>
local Proxy Address x.x.x.x, remote Proxy Address x.x.x.x,
SA (L2L: L2L_TEST)

1327 06/17/2009 22:56:29.570 SEV=4 IKEDBG/97 RPT=59 <peer ip address>
Group [<peer ip address>]
QM FSM error (P2 struct &0x1dc856a4, mess id 0x11ca1925)!

1328 06/17/2009 22:56:29.570 SEV=4 AUTH/23 RPT=42 <peer ip address>
User [<peer ip address>] Group [<peer ip address>] disconnected: duration: 7:36:32

1329 06/17/2009 22:56:29.570 SEV=4 AUTH/85 RPT=42
LAN-to-LAN tunnel to headend device <peer ip address> disconnected: duration: 7:36:32

- Is the problem related to Phase 2 rekeying? I have already set the Phase 2 key lifetime to 28800 (8 hours). If it is related to the Phase 2 rekey, why does it disconnect every 7:36:32 and not every 8 hours?

- Also, is it related to the Phase 2 proposal not matching between the two devices?

Please help...

auraza Fri, 06/19/2009 - 06:08

It could be P2 rekey. Make sure PFS is either disabled or enabled on both devices.

hfma_hk09 Fri, 06/19/2009 - 09:15

Hi Auraza, I've checked both devices and found PFS is disabled for them. Any other possible reason? Is it related to a Phase 2 SA proposal problem?

auraza Fri, 06/19/2009 - 09:22

Not sure if it is related to SA proposal or what, but if you did initially connect, then it doesn't sound like a Phase 2 problem, but we'll have to see debugs to see what is going on.

General -> Events -> Classes:

Enable IKE, IKEDBG, IPSEC, IPSECDBG to log for sev 1-9.

Once this happens again, copy the logs and post them here, with the time that it happened. That should give a better idea.
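The timestamps in the log excerpt from the question can be correlated directly; the following is an added example, not part of the original thread or of any Cisco tooling. It assumes the event line layout shown in the excerpt and the 28800-second Phase 2 lifetime the poster states, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the event lines from the question, peer addresses already redacted.
SAMPLE_LOG = """\
1301 06/17/2009 22:55:57.570 SEV=4 IKE/41 RPT=609 <peer ip address>
IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer <peer ip address>
1327 06/17/2009 22:56:29.570 SEV=4 IKEDBG/97 RPT=59 <peer ip address>
QM FSM error (P2 struct &0x1dc856a4, mess id 0x11ca1925)!
1328 06/17/2009 22:56:29.570 SEV=4 AUTH/23 RPT=42 <peer ip address>
User [<peer ip address>] Group [<peer ip address>] disconnected: duration: 7:36:32
"""

HEADER = re.compile(r"^(\d+) (\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) SEV=(\d+) (\S+) RPT=\d+")
DURATION = re.compile(r"duration: (\d+):(\d\d):(\d\d)")

def parse_events(text):
    """Attach continuation lines to the header line that precedes them."""
    events = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S.%f")
            events.append({"seq": int(m.group(1)), "time": when,
                           "cls": m.group(4), "body": ""})
        elif events and line.strip():
            events[-1]["body"] += line.strip() + " "
    return events

def correlate(text, p2_lifetime_s):
    """Relate the Phase 2 rekey attempt to the disconnect that follows it."""
    events = parse_events(text)
    rekey = next((e for e in events
                  if e["cls"] == "IKE/41" and "Rekeying Phase 2" in e["body"]), None)
    drop = next((e for e in events
                 if e["cls"] == "AUTH/23" and DURATION.search(e["body"])), None)
    if rekey is None or drop is None or drop["time"] < rekey["time"]:
        return None  # no rekey/disconnect pair in this excerpt
    h, m, s = map(int, DURATION.search(drop["body"]).groups())
    duration_s = h * 3600 + m * 60 + s
    stall_s = int((drop["time"] - rekey["time"]).total_seconds())
    rekey_offset_s = duration_s - stall_s  # tunnel age when the rekey began
    return {"duration_s": duration_s, "stall_s": stall_s,
            "rekey_offset_s": rekey_offset_s,
            "rekey_pct": rekey_offset_s * 100 / p2_lifetime_s}

if __name__ == "__main__":
    print(correlate(SAMPLE_LOG, 28800))
```

On the posted excerpt, the rekey attempt begins 27360 seconds into the tunnel (95% of the 28800-second lifetime) and the disconnect follows 32 seconds later, at the same timestamp as the QM FSM error, which accounts for the 7:36:32 duration.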
