05-17-2010 03:03 PM
Hello,
I have a problem with my Easy VPN client: it goes down every 10 seconds and this message appears in the debug:
*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1308217119
*Mar 11 08:50:41.345: ISAKMP:(3004):purging SA., sa=83A4B344, delme=83A4B344
regards
05-17-2010 03:05 PM
Angel,
Is this an IPsec client software or an ezvpn hardware client?
The connection establishes, but it goes down every 10 seconds, is that it?
Federico.
05-17-2010 03:13 PM
Hi,
The ezvpn is configured on an 800 series router; it establishes the connection and I can ping the private IP address of the remote peer,
and this appears in the log:
*Mar 11 10:08:56.877: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Mar 11 10:08:57.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Mar 11 10:08:58.525: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) User=XXXXX Group=XXXXX Server_public_addr=X.X.X.X NEM_Remote_Subnets=192.168.7.0/255.255.255.0 192.168.7.0/255.255.255.0 192.168.7.0
*Mar 11 10:08:58.533: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Mar 11 10:08:59.533: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
regards
05-17-2010 03:15 PM
Seems the interface is flapping and that might be why the VPN tunnel goes down.
Isn't that the problem?
Federico.
05-17-2010 03:57 PM
Hi,
I checked the IP of the LAN inside interfaces and there is no problem; it's OK.
05-17-2010 04:02 PM
Angel,
I asked the question because in the messages that you attached, the interface is going up/down.
Anyway, please explain the following:
You have IPsec VPN client software connecting to the 800?
Or, the 800 are connecting as ezvpn clients to a VPN server?
Federico.
05-17-2010 04:08 PM
The 800 are connecting as ezvpn clients to a VPN server,
and it can communicate with the server. Only, when I ping the server it is successful; when the ezvpn goes down it loses one packet and the ping continues successfully.
regards
05-17-2010 04:12 PM
Angel,
If I understand correctly, the VPN tunnel establishes but it goes down.
If you PING, then it establishes fine, but again goes down.
Is this the problem?
Federico.
05-17-2010 04:17 PM
This is the debug:
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1424545127
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -1848733477
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 322940248
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -292373508
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 2088837442
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -994368148
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1533463870
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1274754254
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1725567880
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -1582202546
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 335295199
*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1354640579
*Mar 11 08:50:33.201: ISAKMP:(3005):purging node 423492054
*Mar 11 08:50:33.233: ISAKMP:(3005):purging node -35547341
*Mar 11 08:50:33.233: ISAKMP:(3005):purging node -678601614
*Mar 11 08:50:33.273: ISAKMP:(3005):purging node 2105251367
*Mar 11 08:50:33.377: ISAKMP:(3005):purging node -236295930
*Mar 11 08:50:33.405: ISAKMP:(3005):purging node 1832706167
*Mar 11 08:50:33.405: ISAKMP:(3005):purging node 622989195
*Mar 11 08:50:33.429: ISAKMP:(3005):purging node 355771240
*Mar 11 08:50:33.429: ISAKMP:(3005):purging node 705069511
*Mar 11 08:50:33.437: ISAKMP:(3005):purging node 2077006263
*Mar 11 08:50:33.481: ISAKMP:(3005):purging node -1464272750
*Mar 11 08:50:33.481: ISAKMP:(3005):purging node -1856382539
*Mar 11 08:50:33.505: ISAKMP:(3005):purging node -556921504
*Mar 11 08:50:33.509: ISAKMP:(3005):purging node -548730233
*Mar 11 08:50:33.529: ISAKMP:(3005):purging node -1217521514
*Mar 11 08:50:33.529: ISAKMP:(3005):purging node -767799163
*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1045693878
*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1308217119
*Mar 11 08:50:41.345: ISAKMP:(3004):purging SA., sa=83A4B344, delme=83A4B344
*Mar 11 08:50:43.317: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=usuario Group=password Server_public_addr=public_address
*Mar 11 08:50:43.325: ISAKMP: set new node -53475109 to QM_IDLE
*Mar 11 08:50:43.329: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE
*Mar 11 08:50:43.329: ISAKMP:(3005):Sending an IKE IPv4 Packet.
*Mar 11 08:50:43.329: ISAKMP:(3005):purging node -53475109
*Mar 11 08:50:43.329: ISAKMP:(3005):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
*Mar 11 08:50:43.329: ISAKMP:(3005):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Mar 11 08:50:43.329: ISAKMP: set new node -908125820 to QM_IDLE
*Mar 11 08:50:43.329: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE
*Mar 11 08:50:43.329: ISAKMP:(3005):Sending an IKE IPv4 Packet.
*Mar 11 08:50:43.333: ISAKMP:(3005):purging node -908125820
*Mar 11 08:50:43.333: ISAKMP:(3005):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
*Mar 11 08:50:43.333: ISAKMP:(3005):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Mar 11 08:50:43.333: ISAKMP:(3005):peer does not do paranoid keepalives.
*Mar 11 08:50:43.333: ISAKMP:(3005):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE (peer ip_address)
*Mar 11 08:50:43.333: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
*Mar 11 08:50:43.333: ISAKMP: set new node -1112502632 to QM_IDLE
*Mar 11 08:50:43.333: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE
*Mar 11 08:50:43.333: ISAKMP:(3005):Sending an IKE IPv4 Packet.
*Mar 11 08:50:43.337: ISAKMP:(3005):purging node -1112502632
*Mar 11 08:50:43.337: ISAKMP:(3005):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
*Mar 11 08:50:43.337: ISAKMP:(3005):Old State = IKE_P1_COMPLETE New State = IKE_DEST_SA
*Mar 11 08:50:43.337: ISAKMP:(3005):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE (peer ip_address)
*Mar 11 08:50:43.337: ISAKMP:(0):Can't decrement IKE Call Admission Control stat outgoing_active since it's already 0.
*Mar 11 08:50:43.337: ISAKMP: Unlocking peer struct 0x8428F098 for isadb_mark_sa_deleted(), count 0
*Mar 11 08:50:43.337: ISAKMP: Deleting peer node by peer_reap for 200.67.233.238: 8428F098
*Mar 11 08:50:43.337: ISAKMP:(3005):deleting node 1661617387 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 2032741393 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1308849341 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -955006391 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 354578411 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1258842804 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -2102576846 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1200444317 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 75082018 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1753974262 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 49047803 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 1355123061 error FALSE reason "IKE deleted"
*Mar 11 08:50:43.341: ISAKMP:(3005):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Mar 11 08:50:43.341: ISAKMP:(3005):Old State = IKE_DEST_SA New State = IKE_DEST_SA
*Mar 11 08:50:44.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Mar 11 08:50:44.637: del_node src (ip_address):500 dst (ip-adreesss):500 fvrf 0x0, ivrf 0x0
*Mar 11 08:50:44.637: ISAKMP:(3005):peer does not do paranoid keepalives.
*Mar 11 08:50:44.637: ISAKMP:(0): SA request profile is (NULL)
*Mar 11 08:50:44.637: ISAKMP: Created a peer struct for (ip_address), peer port 500
*Mar 11 08:50:44.637: ISAKMP: New peer created peer = 0x8428F098 peer_handle = 0x80002A9D
*Mar 11 08:50:44.637: ISAKMP: Locking peer struct 0x8428F098, refcount 1 for isakmp_initiator
*Mar 11 08:50:44.637: ISAKMP:(0):Setting client config settings 83A4C2F4
*Mar 11 08:50:44.637: ISAKMP: local port 500, remote port 500
*Mar 11 08:50:44.637: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 83A4B344
*Mar 11 08:50:44.641: ISAKMP:(0): client mode configured.
*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Mar 11 08:50:44.641: ISKAMP: growing send buffer from 1024 to 3072
*Mar 11 08:50:44.641: ISAKMP:(0):SA is doing pre-shared key authentication plus XAUTH using id type ID_KEY_ID
*Mar 11 08:50:44.641: ISAKMP (0:0): ID payload
next-payload : 13
05-17-2010 04:22 PM
What is this interface used for in your scenario: Virtual-Access2?
Check your running-config.
Federico.
05-18-2010 07:48 AM
Hi Federico,
In my ezvpn config it is the virtual-interface1.
Regards
05-18-2010 08:12 AM
Angel,
Seems the connectivity is getting interrupted.
Can you confirm that the Internet continues working fine from both the server and the client sides when the VPN tunnel goes down?
Federico.
05-18-2010 08:24 AM
Hi Federico,
Yes, the Internet is working fine.
regards
05-18-2010 08:35 AM
Angel,
Is this the only ezvpn client connecting to the ezvpn servers? Or do you have more clients, and in that case, are they failing as well?
Federico.
05-18-2010 09:01 AM
Hi,
Only one ezvpn client connects to the ezvpn server.