
L2L Ipsec VPN between RVL200 and ASA 5510 drops out

pj6600111
Level 1

I'm trying to configure an L2L IPSEC vpn between an RVL200 and an ASA 5510. The VPN gets established and works great for 1-2 days, but eventually the RVL starts re-establishing the session at IKE phase 1 and disconnecting immediately after the second phase 2 SA establishes. It does this repeatedly, about every 6 seconds. Eventually the tunnel will stay up, but the ASA will no longer send any traffic through it (even though the routes and access lists are unchanged).

Is there a reason why the RVL200 would be doing this?

I'm using a DPD interval of 10 seconds and 28,800 second keepalives, and I can provide debug logs and configs if needed.

Thanks


Hi,

Is it just traffic that won't pass, or does the tunnel actually drop?

What do those debug logs say?

Federico.

After the VPN stops flapping, the tunnel stays up but no traffic is sent. The ASA shows several packets decapsulated but zero packets encapsulated.

Here is the debug log for the RVL200 while the VPN is flapping:

Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Jun 28 17:53:11 2010 VPN Log Received Vendor ID payload Type = [draft-ietf-ipsec-nat-t-ike-03]
Jun 28 17:53:11 2010 VPN Log Ignoring Vendor ID payload [4048b7d56ebce885...]
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet
Jun 28 17:53:11 2010 VPN Log Ignoring Vendor ID payload Type = [Cisco-Unity]
Jun 28 17:53:11 2010 VPN Log Ignoring Vendor ID payload Type = [XAUTH]
Jun 28 17:53:11 2010 VPN Log Ignoring Vendor ID payload [e6cff4c9fd8ac3de...]
Jun 28 17:53:11 2010 VPN Log Ignoring Vendor ID payload [1f07f70eaa6514d3...]
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet
Jun 28 17:53:11 2010 VPN Log NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet
Jun 28 17:53:11 2010 VPN Log Received Vendor ID payload Type = [Dead Peer Detection]
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Jun 28 17:53:11 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Jun 28 17:53:12 2010 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
Jun 28 17:53:12 2010 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 2487fe79
Jun 28 17:53:12 2010 VPN Log [Tunnel Negotiation Info] Outbound SPI value = d6e3a228
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] Inbound SPI value = 2487fe7a
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] Outbound SPI value = fe84fbf4
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet
Jun 28 17:53:13 2010 VPN Log [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected
Jun 28 17:53:17 2010 VPN Log [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
(repeats from here)

ASA log:
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 160
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Oakley proposal is acceptable
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Received NAT-Traversal ver 03 VID
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Received DPD VID
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing IKE SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , IKE SA Proposal # 1, Transform # 0 acceptable Matches global IKE entry # 5
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing ISAKMP SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing NAT-Traversal VID ver 03 payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing Fragmentation VID + extended capabilities payload
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 124
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 228
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing ke payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing ISA_KE payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing nonce payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing NAT-Discovery payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , computing NAT Discovery hash
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , processing NAT-Discovery payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , computing NAT Discovery hash
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing ke payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing nonce payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing Cisco Unity VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing xauth V6 VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Send IOS VID
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing VID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing NAT-Discovery payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , computing NAT Discovery hash
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , constructing NAT-Discovery payload
Jun 15 14:08:41 [IKEv1 DEBUG]: IP = , computing NAT Discovery hash
Jun 15 14:08:41 [IKEv1]: IP = , Connection landed on tunnel_group DefaultL2LGroup
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Generating keys for Responder...
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + NONE (0) total length : 304
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + NONE (0) total length : 64
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing ID payload
Jun 15 14:08:41 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , ID_IPV4_ADDR ID received
192.168.2.102
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Computing hash for ISAKMP
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , Automatic NAT Detection Status: Remote end IS behind a NAT device This end is NOT behind a NAT device
Jun 15 14:08:41 [IKEv1]: IP = , Connection landed on tunnel_group DefaultL2LGroup
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing ID payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing hash payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Computing hash for ISAKMP
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing dpd vid payload
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + ID (5) + HASH (8) + VENDOR (13) + NONE (0) total length : 84
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , PHASE 1 COMPLETED
Jun 15 14:08:41 [IKEv1]: IP = , Keep-alive type for this connection: DPD
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Starting P1 rekey timer: 21600 seconds.
Jun 15 14:08:41 [IKEv1 DECODE]: IP = , IKE Responder starting QM: msg id = 660136e6
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=660136e6) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 196
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing nonce payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing ID payload
Jun 15 14:08:41 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , ID_IPV4_ADDR_SUBNET ID received--192.168.2.16--255.255.255.248
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , Received remote IP Proxy Subnet data in ID Payload: Address 192.168.2.16, Mask 255.255.255.248, Protocol 0, Port 0
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing ID payload
Jun 15 14:08:41 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , ID_IPV4_ADDR_SUBNET ID received--10.0.0.0--255.0.0.0
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , Received local IP Proxy Subnet data in ID Payload: Address 10.0.0.0, Mask 255.0.0.0, Protocol 0, Port 0
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , QM IsRekeyed old sa not found by addr
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , Static Crypto Map check, checking map = remoteVPN, seq = 40...
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , Static Crypto Map check, map = remoteVPN, seq = 40, ACL does not match proxy IDs src:192.168.2.16 dst:10.0.0.0
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , IKE Remote Peer configured for crypto map: remoteIPSEC
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing IPSec SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IPSec SA Proposal # 0, Transform # 0 acceptable Matches global IPSec SA entry # 1
Jun 15 14:08:41 [IKEv1]: Group = DefaultL2LGroup, IP = , IKE: requesting SPI!
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE got SPI from key engine: SPI = 0x93c61514
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , oakley constucting quick mode
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing blank hash payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing IPSec SA payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing IPSec nonce payload
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing proxy ID
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Transmitting Proxy Id:
  Remote subnet: 192.168.2.16 Mask 255.255.255.248 Protocol 0 Port 0
  Local subnet: 10.0.0.0 mask 255.0.0.0 Protocol 0 Port 0
Jun 15 14:08:41 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing qm hash payload
Jun 15 14:08:41 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , IKE Responder sending 2nd QM pkt: msg id = 660136e6
Jun 15 14:08:41 [IKEv1]: IP = , IKE_DECODE SENDING Message (msgid=660136e6) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 160
Jun 15 14:08:43 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=660136e6) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , loading all IPSEC SAs
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Generating Quick Mode Key!
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , NP encrypt rule look up for crypto map remoteIPSEC 1 matching ACL Unknown: returned cs_id=ad385890; rule=00000000
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Generating Quick Mode Key!
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , NP encrypt rule look up for crypto map remoteIPSEC 1 matching ACL Unknown: returned cs_id=ad385890; rule=00000000
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Security negotiation complete for LAN-to-LAN Group (DefaultL2LGroup) Responder, Inbound SPI = 0x93c61514, Outbound SPI = 0x1e8d4b4b
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE got a KEY_ADD msg for SA: SPI = 0x1e8d4b4b
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Pitcher: received KEY_UPDATE, spi 0x93c61514
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Starting P2 rekey timer: 27358 seconds.
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , PHASE 2 COMPLETED (msgid=660136e6)
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Adding static route for L2L peer coming in on a dynamic map. address: 192.168.2.16, mask: 255.255.255.248
Jun 15 14:08:43 [IKEv1 DECODE]: IP = , IKE Responder starting QM: msg id = 101acf86
Jun 15 14:08:43 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=101acf86) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 196
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing SA payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing nonce payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing ID payload
Jun 15 14:08:43 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , ID_IPV4_ADDR_SUBNET ID received--192.168.2.16--255.255.255.248
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Received remote IP Proxy Subnet data in ID Payload: Address 192.168.2.16, Mask 255.255.255.248, Protocol 0, Port 0
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing ID payload
Jun 15 14:08:43 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , ID_IPV4_ADDR_SUBNET ID received--10.0.0.0--255.0.0.0
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Received local IP Proxy Subnet data in ID Payload: Address 10.0.0.0, Mask 255.0.0.0, Protocol 0, Port 0
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Static Crypto Map check, checking map = remoteVPN, seq = 40...
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Static Crypto Map check, map = remoteVPN, seq = 40, ACL does not match proxy IDs src:192.168.2.16 dst:10.0.0.0
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-Traversal
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , IKE Remote Peer configured for crypto map: remoteIPSEC
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing IPSec SA payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IPSec SA Proposal # 0, Transform # 0 acceptable Matches global IPSec SA entry # 1
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , IKE: requesting SPI!
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Active unit process rekey delete event for remote peer .
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE got SPI from key engine: SPI = 0xc048d54a
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , oakley constucting quick mode
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing blank hash payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing IPSec SA payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing IPSec nonce payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing proxy ID
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Transmitting Proxy Id:
  Remote subnet: 192.168.2.16 Mask 255.255.255.248 Protocol 0 Port 0
  Local subnet: 10.0.0.0 mask 255.0.0.0 Protocol 0 Port 0
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , constructing qm hash payload
Jun 15 14:08:43 [IKEv1 DECODE]: Group = DefaultL2LGroup, IP = , IKE Responder sending 2nd QM pkt: msg id = 101acf86
Jun 15 14:08:43 [IKEv1]: IP = , IKE_DECODE SENDING Message (msgid=101acf86) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 160
Jun 15 14:08:43 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=101acf86) with payloads : HDR + HASH (8) + NONE (0) total length : 52
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , loading all IPSEC SAs
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Generating Quick Mode Key!
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , NP encrypt rule look up for crypto map remoteIPSEC 1 matching ACL Unknown: returned cs_id=ad385890; rule=00000000
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Generating Quick Mode Key!
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , NP encrypt rule look up for crypto map remoteIPSEC 1 matching ACL Unknown: returned cs_id=ad385890; rule=00000000
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Security negotiation complete for LAN-to-LAN Group (DefaultL2LGroup) Responder, Inbound SPI = 0xc048d54a, Outbound SPI = 0x1e8d4b4c
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE got a KEY_ADD msg for SA: SPI = 0x1e8d4b4c
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Pitcher: received KEY_UPDATE, spi 0xc048d54a
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Starting P2 rekey timer: 27360 seconds.
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , PHASE 2 COMPLETED (msgid=101acf86)
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Adding static route for L2L peer coming in on a dynamic map. address: 192.168.2.16, mask: 255.255.255.248
Jun 15 14:08:43 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=9fedaced) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing delete
Jun 15 14:08:43 [IKEv1]: Group = DefaultL2LGroup, IP = , Connection terminated for peer DefaultL2LGroup. Reason: Peer Terminate Remote Proxy 192.168.2.16, Local Proxy 10.0.0.0
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Active unit receives a delete event for remote peer .
Jun 15 14:08:43 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE Deleting SA: Remote Proxy 192.168.2.16, Local Proxy 10.0.0.0
Jun 15 14:08:43 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc048d54a
Jun 15 14:08:43 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc048d54a
Jun 15 14:08:43 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x1e8d4b4c
Jun 15 14:08:44 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=5d1605d1) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 68
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing delete
Jun 15 14:08:44 [IKEv1]: Group = DefaultL2LGroup, IP = , IKE Received delete for rekeyed centry IKE peer: 192.168.2.16, centry addr: ae5c4b20, msgid: 0x660136e6
Jun 15 14:08:44 [IKEv1]: IP = , IKE_DECODE RECEIVED Message (msgid=bd3d15a) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 80
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing hash payload
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , processing delete
Jun 15 14:08:44 [IKEv1]: Group = DefaultL2LGroup, IP = , Connection terminated for peer DefaultL2LGroup. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , Active unit receives a delete event for remote peer .
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE Deleting SA: Remote Proxy 192.168.2.16, Local Proxy 10.0.0.0
Jun 15 14:08:44 [IKEv1]: Group = DefaultL2LGroup, IP = , Deleting static route for L2L peer that came in on a dynamic map. address: 192.168.2.16, mask: 255.255.255.248
Jun 15 14:08:44 [IKEv1]: MSG_FSM_QM lookup failed (handle 660136e6)!
Jun 15 14:08:44 [IKEv1 DEBUG]: Group = DefaultL2LGroup, IP = , IKE SA MM:1c75c630 terminating: flags 0x01000802, refcnt 0, tuncnt 0
Jun 15 14:08:44 [IKEv1]: Group = DefaultL2LGroup, IP = , Session is being torn down. Reason: User Requested
Jun 15 14:08:44 [IKEv1]: Ignoring msg to mark SA with dsID 4358144 dead because SA deleted
Jun 15 14:08:44 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x93c61514
Jun 15 14:08:44 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0x1e8d4b4b

mcherry
Level 1

I am doing RA with some Avaya 4610SW phones and one also drops every few seconds.

Jan 08 02:28:02 [IKEv1]: IP = 192.168.72.103, IKE_DECODE RECEIVED Message (msgid=7a52) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, processing hash payload

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, processing delete

Jan 08 02:28:02 [IKEv1]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, Connection terminated for peer Phone3.  Reason: Peer Terminate  Remote Proxy 192.168.72.102, Local Proxy 0.0.0.0

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, Active unit receives a delete event for remote peer 192.168.72.103.

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, IKE Deleting SA: Remote Proxy 192.168.72.102, Local Proxy 0.0.0.0

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, IKE SA AM:dd67ac05 rcv'd Terminate: state AM_ACTIVE  flags 0x00419041, refcnt 1, tuncnt 0

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, IKE SA AM:dd67ac05 terminating:  flags 0x01419001, refcnt 0, tuncnt 0

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, sending delete/delete with reason message

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, constructing blank hash payload

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, constructing IKE delete payload

Jan 08 02:28:02 [IKEv1 DEBUG]: Group = VPNPHONE, Username = Phone3, IP = 192.168.72.103, constructing qm hash payload

Jan 08 02:28:02 [IKEv1]: IP = 192.168.72.103, IKE_DECODE SENDING Message (msgid=5c1d0c35) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 76

Jan 08 02:28:02 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xda338201

Jan 08 02:28:02 [IKEv1 DEBUG]: Pitcher: received key delete msg, spi 0xc2b01b8

Found that ISAKMP kept dropping and re-establishing because routing wasn't allowing responses from the Avaya.

pj6600111
Level 1

The issue no longer reproduces after I disabled Dead Peer Detection and keepalives on the RVL200 two weeks ago. I suspect a bug in the DPD code is causing the RVL to constantly think that it needs to re-establish the connection.
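
A triage sketch for the pattern in this thread, added here as an example and not posted by any participant: it reads ASA IKEv1 debug lines in the format quoted above and flags a peer whose Phase 2 SAs are deleted by the remote side within seconds of completing. The 10-second window, the three-cycle threshold, the constructed sample lines, the group name SiteB and the addresses 203.0.113.10 and 198.51.100.7 are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta
from statistics import median

# Matches the ASA IKEv1 debug lines quoted in the thread. Group and Username
# are optional, and the IP field may be empty (it is blanked in the thread).
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \[IKEv1[^\]]*\]: "
    r"(?:Group = (?P<group>[^,]+), )?(?:Username = [^,]+, )?"
    r"IP = (?P<ip>[^,]*), (?P<msg>.*)$")
PEER_TERMINATE = re.compile(r"Reason:\s+Peer Terminate")


def analyze(text, short_life=timedelta(seconds=10), min_cycles=3):
    """Return per-(group, ip) counters and a flapping verdict."""
    peers = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # The log carries no year; pin a leap year so "Feb 29" still parses.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        st = peers.setdefault((m["group"], m["ip"].strip()),
                              {"p1": [], "last_p2": None, "short": 0, "deletes": 0})
        msg = m["msg"]
        if "PHASE 1 COMPLETED" in msg:
            st["p1"].append(ts)
        elif "PHASE 2 COMPLETED" in msg:
            st["last_p2"] = ts
        elif PEER_TERMINATE.search(msg):
            st["deletes"] += 1
            # Count a cycle once: the peer deleted SAs that had just come up.
            if st["last_p2"] is not None and ts - st["last_p2"] <= short_life:
                st["short"] += 1
                st["last_p2"] = None
    report = {}
    for key, st in peers.items():
        gaps = [(b - a).total_seconds() for a, b in zip(st["p1"], st["p1"][1:])]
        report[key] = {
            "phase1": len(st["p1"]),
            "short_lived": st["short"],
            "peer_deletes": st["deletes"],
            "phase1_gap_s": median(gaps) if gaps else None,
            "flapping": st["short"] >= min_cycles,
        }
    return report


def sample_log():
    """Constructed lines in the quoted ASA format (not a real capture)."""
    flap = "Jun 15 14:08:{:02d} [IKEv1]: Group = DefaultL2LGroup, IP = 203.0.113.10, "
    term = "Connection terminated for peer DefaultL2LGroup. Reason: Peer Terminate "
    out = []
    for s in (41, 47, 53):  # a new negotiation every 6 s, as the poster describes
        out += [flap.format(s) + "PHASE 1 COMPLETED",
                flap.format(s + 2) + "PHASE 2 COMPLETED (msgid=660136e6)",
                flap.format(s + 2) + "PHASE 2 COMPLETED (msgid=101acf86)",
                flap.format(s + 2) + term + "Remote Proxy 192.168.2.16, Local Proxy 10.0.0.0",
                flap.format(s + 3) + term + "Remote Proxy N/A, Local Proxy N/A"]
    stable = "Jun 15 14:09:{:02d} [IKEv1]: Group = SiteB, IP = 198.51.100.7, "
    out += [stable.format(1) + "PHASE 1 COMPLETED",
            stable.format(2) + "PHASE 2 COMPLETED (msgid=0a0b0c0d)"]
    return "\n".join(out)


if __name__ == "__main__":
    for (group, ip), stats in analyze(sample_log()).items():
        print(group, ip or "<blank>", stats)
```

A high `short_lived` count with a small `phase1_gap_s` shows the remote end is the one tearing the SAs down, which matches the "Peer Terminate" reason in both log excerpts in the thread.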
