Cisco RV082 to ASA 5510 tunnel freezes after 8 hours.

Apr 19th, 2012

I have a RV082 that has an issue keeping an IPSEC Gateway to Gateway VPN running from itself to our ASA 5510.

At 8 hours of connectivity (I can almost set a clock to it) the Tunnel will say it is connected on the RV082 but on the ASA 5510 the tunnel is not up.

If I click on disconnect on the RV082 under the VPN Summary page things will come back up. From the ASA 5510 side there is nothing I can do to get things back (ping inside "vpn network" or even trying to make a connection to a networked VPN machine).

To make things more complicated I have another VPN on the RV082 to a PIX 506e that works with no issues. I also have another RV082 at another location with the same settings that keeps its tunnel with the ASA 5510 without any issue.

Some things I have tried to try and fix the issue are:

I upgraded the firmware on the RV082 V3 from 4.0.0.7-tm (what it was shipped with) to 4.1.1.01-sp - This seemed to have no effect.

On the RV082 I have changed the MTU from automatic to 1428 and 1452 - all this does is make the connection to the PIX 506e unstable like it is for the ASA 5510. I have changed this back to automatic.

Since the time of stability seems to be 8 hours I have changed the "Phase 1 SA life time" and "Phase 2 SA life time" to 28800 both at the same time and individually - This seemed to have no effect.

The current configuration on the RV082 is:

Local security gateway type: IP Only

IP address: (local ISP provided static IP address)

Local security group type: subnet

IP address: 192.168.30.0

subnetmask: 255.255.255.0

Remote security gateway type: IP only

IP address: Remote address provided by ISP

Remote Security type: Subnet

IP address: 192.168.26.0

subnet mask: 255.255.255.0

Keying mode: IKE with Preshared key

Phase 1 DH Group: Group 2 - 1024 bit

Phase 1 Encryption: 3DES

Phase 1 Authentication: MD5

Phase 1 SA Life Time: 86400

Perfect forward secrecy: is not checked.

Phase 2 DH Group: Group 2 - 1024 bit

Phase 2 Encryption: 3DES

Phase 2 Authentication: MD5

Phase 2 SA Life Time: 86400

Preshared key: <shared-key>

Minimum Preshared Key Complexity: is checked

Preshared Key Strength meter: goes to 2 green boxes.

Advanced settings: nothing is set up.

 

ASA IPSEC related settings for this VPN:

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac

crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac

crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac

crypto ipsec security-association lifetime seconds 28800

crypto ipsec security-association lifetime kilobytes 4608000

crypto ipsec df-bit clear-df inside

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5

crypto map internet_map 7 match address internet_cryptomap_7

crypto map internet_map 7 set peer (Static_IP_ADDRESS)

crypto map internet_map 7 set transform-set ESP-3DES-MD5

crypto map internet_map 7 set reverse-route

crypto isakmp enable internet

crypto isakmp policy 4

authentication pre-share

encryption aes

hash sha

group 2

lifetime 86400

crypto isakmp policy 5

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

crypto isakmp policy 10

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

tunnel-group (Static_IP_ADDRESS) type ipsec-l2l

tunnel-group (Static_IP_ADDRESS) ipsec-attributes

pre-shared-key <shared-key>

Thanks in advance.

rocater Fri, 04/20/2012 - 06:40

Hello Jim,

Given the time problem I would say it is the lifetime that is causing the issue. I know you mentioned changing the lifetime settings as well, but there is still this line-

"crypto ipsec security-association lifetime seconds 28800"

I wish there was more I could do for you but my ASA knowledge is limited.

rmanthey Fri, 04/20/2012 - 06:49

Jim,

What is the Crypto map that is assigned to the outside (internet) interface? Verify the ASA doesn't have PFS turned on, because it is on by default.

Hope this helps.



Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

james.blish Fri, 04/20/2012 - 09:08

Thank you Robert,

The problem is that I don't want to change the ASA. It has 4 working VPNs on it already, and if I make a change on the ASA I could be ruining those stable VPNs. You wouldn't by any chance know if the:

crypto ipsec security-association lifetime seconds 28800

correlates with Phase 1 or Phase 2 as defined by the RV082? (I have been assuming that it is phase 1 but my brain has become broken on this issue.)

Hello Randy,

For the default crypto map I believe this is it:

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

I see that PFS is turned on. I will try adjusting that this evening/weekend on the RV082 (again, I don't want to make sweeping changes on the ASA as it is the more important and stable piece in this) and let you know how things go.

james.blish Fri, 04/20/2012 - 20:55

I've changed the phase 1 to 28800 again; we will see if this makes it.

james.blish Sat, 04/21/2012 - 07:49

After the change the collapse happened at 6 hours instead of 8. Changed phase 1 back to 86400 and phase 2 to 28800. Also tried PFS with 86400 on both phases and still no connection can be made.

When PFS is checked the error I see that I believe is the issue for connectivity is:

#171: Sending encrypted notification NO_PROPOSAL_CHOSEN to (STATIC_IP_ADDRESS):500

Deleteing connection

Any other ideas?

I will notify again when the tunnel collapses again or if it is stable with phase 2 at 28800.

james.blish Sun, 04/22/2012 - 20:47

Had a crash with 28800 for phase 2, and put it for both phases on the RV082; still 8 hour drops. I changed the advanced setting to "aggressive mode"; the tunnel stayed up for 18 hours with that, but after the collapse it could not connect again until aggressive mode was turned off.

Any other ideas?

rmanthey Mon, 04/23/2012 - 07:02

Jim,

Is PFS on for Phase 2 on the ASA? How about the RV? What DH group on both? It looks like group1 on the ASA.

Does phase 2 ever rekey correctly?

What is the lifetime for phase 1?

Does Phase 1 stay connected?

What happens if you run a constant ping through the tunnel, does it stay up longer than the 8 hours?

Are the Date and times correct on both devices?

Can you provide the settings of the RV?

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

james.blish Mon, 04/23/2012 - 13:15

Hello Randy,

For PFS on the ASA I believe it is on phase 1: 

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1

On the RV it isn't turned on at all; when it is checked the VPN tunnel never connects.

I have no idea if the phase 2 is ever rekeyed. If you tell me how I can check that I will look.

Lifetime for phase 1 is 28800 if I am reading correctly:

crypto ipsec security-association lifetime seconds 28800

On the RV if I set this, uptime seems to drop to 5 hours, so currently it is set at 86400.

Phase 1 seems to stay connected on both devices; I am not sure how to check this as well.

If I do a constant ping from the ASA to the RV (and the other way around) the tunnel still drops at 8 hours. In fact the tunnel will go down in the middle of the day if I do not preemptively drop it and bring it up while people are using the connection.

The dates on both systems are the same and use NTP to stay in check. The RV082 has the daylight savings pieces put in.

Is there a way to scrub the RV's export? I will post it, but with a straight export it is semi encoded and I would rather not have my passwords and IP addresses posted to the internet if I could avoid it.

rmanthey Mon, 04/23/2012 - 14:26

Jim,

I would recommend you call into the 1866-606-1866 and create a case so your configuration can remain confidential.

On the ASA CLI you could run:

Show crypto isakmp sa      - phase 1

show crypto ipsec sa         - phase 2

The logs on the RV are the only place to see if it is attempting to re-key.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

james.blish Mon, 04/23/2012 - 21:22

Hello Randy,

From the ASA:

Show crypto isakmp sa

4   IKE Peer: (IP address)
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2

Show crypto ipsec sa

From the RV there is nothing that happens before the crash for 4 hours (crash happened at 20:55):

Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [XAUTH] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [XAUTH] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: received Vendor ID payload [Dead Peer Detection] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: received Vendor ID payload [Dead Peer Detection] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [Cisco-Unity] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [Cisco-Unity] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [e3c2cddc6781d12ba5d08759c31a6d90] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ignoring Vendor ID payload [e3c2cddc6781d12ba5d08759c31a6d90] 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: Peer ID is ID_IPV4_ADDR: ipaddress
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 23 17:40:21 2012 VPN Log (g2gips0) #2099: ISAKMP SA established 
Apr 23 17:41:11 2012 VPN Log (g2gips0) #2088: received Delete SA payload: deleting ISAKMP State #2088 
Apr 23 17:41:11 2012 VPN Log (g2gips0) #2088: received Delete SA payload: deleting ISAKMP State #2088 
Apr 23 21:07:49 2012 System Log HTTP Basic authentication success for user: admin 

rmanthey Tue, 04/24/2012 - 10:25

Hello Jim,

It looks like Phase 1 keeps rekeying. Does the RV082 have a public or private IP address on the WAN? Do you have NAT-T setup on the VPN?

If you are using a public IP is it static or DHCP?

RV?

ASA?

Can you set the Vendor-ID on the ASA to its outside IP address?

If all that is fine or can be done, I would recommend trying to turn off PFS on phase 1.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

james.blish Tue, 04/24/2012 - 12:11

Hello Randy,

The RV has a static public IP address (as does the ASA).

Only the ASA has NAT-T working on it; the RV is strictly NAT outgoing only.

I'm not sure what you mean by set the Vendor-ID on the ASA to its outside IP address.

I will try turning off the PFS on the ASA with a: "no crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1" this evening.

james.blish Wed, 04/25/2012 - 09:24

Thank you Randy,

The removal of PFS seems to have worked; the tunnel has now been up for 12 hours. After 48 hours, if things are still good, I will say everything is good.

rmanthey Wed, 04/25/2012 - 09:33

Most likely something in the shared secret DH values is not matching when hashed.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security

james.blish Wed, 04/25/2012 - 12:28

And I spoke too soon. At about 15 hours of uptime on the routers the tunnel collapsed.

I didn't have time to grab any of the ASA information.

But here is the log from the RV082:

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: ISAKMP SA established 

Apr 25 04:34:23 2012 VPN Log (g2gips0) #2126: received Delete SA(0x5d1033a3) payload: deleting IPSEC State #2127 

Apr 25 04:34:23 2012 VPN Log (g2gips0) #2126: received Delete SA(0x5d1033a3) payload: deleting IPSEC State #2127 

Apr 25 08:22:50 2012 System Log HTTP Basic authentication success for user: admin 

Apr 25 12:12:48 2012 System Log HTTP Basic authentication success for user: admin 

Apr 25 12:13:02 2012 VPN Log (g2gips1): terminating SAs using this connection 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2132: deleting state (STATE_QUICK_I2) 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2130: deleting state (STATE_MAIN_R3) 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: initiating Main Mode 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [7e420be1beab43a69ad733fc7575fa04] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [7e420be1beab43a69ad733fc7575fa04] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: Peer ID is ID_IPV4_ADDR: '' 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ISAKMP SA established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2135} 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Inbound SPI value = a3811a38 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Inbound SPI value = a3811a38 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Outbound SPI value = b68751cd 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Outbound SPI value = b68751cd 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: sent QI2, IPsec SA established {ESP=>0xb68751cd <0xa3811a38 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2135} 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Inbound SPI value = 405d2a04 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Inbound SPI value = 405d2a04 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Outbound SPI value = d64d6af1 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Outbound SPI value = d64d6af1 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: sent QI2, IPsec SA established {ESP=>0xd64d6af1 <0x405d2a04 

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136 

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 

Apr 25 12:13:08 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:08 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:08 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 

Apr 25 12:13:08 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: responding to Main Mode 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [25f19f524de238c5e36def6eba419b65] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [25f19f524de238c5e36def6eba419b65] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: Peer ID is ID_IPV4_ADDR: '' 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: sent MR3, ISAKMP SA established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: ignoring informational payload, type IPSEC_INITIAL_CONTACT 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: ignoring informational payload, type IPSEC_INITIAL_CONTACT 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: responding to Quick Mode 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Inbound SPI value = 3a8e85e2 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Inbound SPI value = 3a8e85e2 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Outbound SPI value = e4427e59 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Outbound SPI value = e4427e59 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: IPsec SA established {ESP=>0xe4427e59 <0x3a8e85e2 

rmanthey Wed, 04/25/2012 - 12:48

What is the current status of your tunnel? Is it up or down?

It looks like the RV is getting a message to delete the SA:

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136

Our router doesn't support the bandwidth lifetime setting as seen in your ASA config here:

crypto ipsec security-association lifetime kilobytes 4608000

= 450MB

Can you disable this setting, or do you know if you hit this bandwidth limit? The ASA would delete its IPsec SA and try to rekey, but the RV would wait until the 28800 expires, which is 8 hours.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
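
Added example (not part of the original thread): a Python sketch that automates the check made by eye in the post above, finding peer-sent "Delete SA" messages that leave a connection with no live IPsec SA and measuring how long the RV082 went before a replacement SA was established. The function names, the 60-second grace window and the sample log lines (constructed in the RV082 log format shown in this thread, with made-up SPIs) are assumptions.

```python
import re
from datetime import datetime, timedelta

# One RV082 "VPN Log" line, in the format shown in the thread's log excerpts.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) VPN Log "
    r"\((?P<conn>[^)]+)\)(?: #(?P<state>\d+))?: (?P<msg>.*\S)\s*$"
)
# "IPsec SA established {ESP=>0x<outbound SPI> <0x<inbound SPI>"
ESTABLISHED_RE = re.compile(
    r"IPsec SA established \{ESP=>0x(?P<out>[0-9a-fA-F]+) <0x(?P<inb>[0-9a-fA-F]+)"
)
# "received Delete SA(0x<SPI>) payload: deleting IPSEC State #N"
DELETE_RE = re.compile(
    r"received Delete SA\(0x(?P<spi>[0-9a-fA-F]+)\) payload: deleting IPSEC State"
)


def parse_events(lines):
    """Yield (timestamp, connection, message) for VPN log lines.

    Non-VPN lines are skipped, and a line identical to the one before it is
    dropped, because the log excerpts in the thread print most lines twice.
    """
    previous = None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m["ts"], m["conn"], m["state"], m["msg"])
        if key == previous:
            continue
        previous = key
        yield datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y"), m["conn"], m["msg"]


def find_orphaned_deletes(lines, grace=timedelta(seconds=60)):
    """Report peer deletes that left a connection without any IPsec SA.

    A delete is harmless when another SA on the same connection is still live
    (a normal rekey). It is reported when no SA remains and no replacement is
    established within `grace`; gap_seconds is None if none appears at all.
    SAs established before the capture starts are unknown to this function.
    """
    live = {}      # connection -> set of live outbound SPIs
    pending = {}   # connection -> (time, spi) of the delete that emptied it
    findings = []
    for ts, conn, msg in parse_events(lines):
        est = ESTABLISHED_RE.search(msg)
        if est:
            live.setdefault(conn, set()).add(est["out"].lower())
            if conn in pending:
                when, spi = pending.pop(conn)
                gap = ts - when
                if gap > grace:
                    findings.append({"conn": conn, "spi": spi, "deleted_at": when,
                                     "gap_seconds": int(gap.total_seconds())})
            continue
        deleted = DELETE_RE.search(msg)
        if deleted:
            sas = live.setdefault(conn, set())
            sas.discard(deleted["spi"].lower())
            if not sas and conn not in pending:
                pending[conn] = (ts, deleted["spi"].lower())
    for conn, (when, spi) in pending.items():
        findings.append({"conn": conn, "spi": spi, "deleted_at": when,
                         "gap_seconds": None})
    return findings


# Constructed sample in the RV082 format; SPIs and times are made up.
SAMPLE_LOG = """\
Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: sent QI2, IPsec SA established {ESP=>0xaaaa0001 <0xbbbb0001
Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: sent QI2, IPsec SA established {ESP=>0xaaaa0002 <0xbbbb0002
Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xaaaa0001) payload: deleting IPSEC State #2136
Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xaaaa0001) payload: deleting IPSEC State #2136
Apr 25 20:13:10 2012 VPN Log (g2gips1) #2135: received Delete SA(0xaaaa0002) payload: deleting IPSEC State #2137
Apr 25 20:13:10 2012 VPN Log (g2gips1) #2135: received Delete SA(0xaaaa0002) payload: deleting IPSEC State #2137
Apr 25 23:40:00 2012 System Log HTTP Basic authentication success for user: admin
Apr 25 23:41:00 2012 VPN Log (g2gips1) #2141: sent QI2, IPsec SA established {ESP=>0xaaaa0003 <0xbbbb0003
""".splitlines()

if __name__ == "__main__":
    for finding in find_orphaned_deletes(SAMPLE_LOG):
        print(finding)
```

The first delete in the sample is ignored because a second SA is still live, which matches the rekey overlap visible in the Apr 25 12:13 log; only the delete that empties the connection is reported.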

james.blish Wed, 04/25/2012 - 13:23

Hello Randy,

Current status of the tunnel is up. During the day people get very upset if it's down for more than 5 minutes.

I will remove the lifetime associated with transfer rates tonight and see if that helps any.

james.blish Thu, 04/26/2012 - 03:12

Hello Randy,

I am getting the same kind of result after removing the lifetime for bytes.

19:18 was when I removed the lifetime.

Tunnel collapse happened about 02:50.

(From ASA)

4   IKE Peer:
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2

show crypto ipsec sa
again no information associated with the tunnel

(From RV)
Apr 25 19:18:10 2012 VPN Log (g2gips0) #2158: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 25 19:18:10 2012 VPN Log (g2gips0) #2158: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 25 19:19:20 2012 VPN Log (g2gips0) #2158: max number of retransmissions (2) reached STATE_MAIN_R2 
Apr 25 19:19:20 2012 VPN Log (g2gips0) #2158: max number of retransmissions (2) reached STATE_MAIN_R2 
Apr 26 02:52:47 2012 System Log HTTP Basic authentication success for user: admin 
Apr 26 03:03:59 2012 VPN Log (g2gips1): terminating SAs using this connection 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2155: deleting state (STATE_QUICK_I2) 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2154: deleting state (STATE_MAIN_I4) 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: initiating Main Mode 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [73e2f21aa703240dbf2899e6342d5019] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [73e2f21aa703240dbf2899e6342d5019] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: Peer ID is ID_IPV4_ADDR: '' 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ISAKMP SA established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2159} 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Inbound SPI value = 49fb7769 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Inbound SPI value = 49fb7769 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Outbound SPI value = de0c34e 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Outbound SPI value = de0c34e 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: sent QI2, IPsec SA established {ESP=>0x0de0c34e <0x49fb7769 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 
Apr 26 03:04:05 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:04:05 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:04:05 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: responding to Main Mode 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [e1a78b672bb02bdb0be76dea8648fbd9] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [e1a78b672bb02bdb0be76dea8648fbd9] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: Peer ID is ID_IPV4_ADDR: '' 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: sent MR3, ISAKMP SA established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: responding to Quick Mode 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Inbound SPI value = 529a5ff9 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Inbound SPI value = 529a5ff9 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Outbound SPI value = eb9e4a76 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Outbound SPI value = eb9e4a76 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: IPsec SA established {ESP=>0xeb9e4a76 <0x529a5ff9 

james.blish Tue, 05/08/2012 - 13:10

The final solution to this was to take the router to factory defaults again and rebuild the VPN tunnels. I am not sure what could be kept as a flag on the RV082, but a factory reset was really the solution.
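For reading long RV082 logs like the one quoted above, here is an added example (not part of the original thread, and not Cisco code) that pulls out each established IPsec SA with its role and SPIs, lists the notify payloads the RV082 reports ignoring, and flags SAs for the same tunnel that were set up within a short window of each other. The function names and the 60-second window are assumptions; the sample lines are a subset copied from the log in this thread.

```python
import re
from datetime import datetime

# Sample input: a subset of the RV082 log lines quoted in this thread.
SAMPLE = """\
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2159}
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: sent QI2, IPsec SA established {ESP=>0x0de0c34e <0x49fb7769
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: responding to Main Mode
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: responding to Quick Mode
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: IPsec SA established {ESP=>0xeb9e4a76 <0x529a5ff9
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8} \d{4}) VPN Log \((\S+)\) #(\d+): (.*)$")
SA = re.compile(r"IPsec SA established \{ESP=>0x([0-9a-f]+) <0x([0-9a-f]+)")
IGNORED = re.compile(r"ignoring informational payload, type (\w+)")

def summarize(text):
    """Return (ipsec_sas, ignored_notifies) from RV082 VPN log text."""
    roles, sas, ignored, seen = {}, [], set(), set()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or raw.strip() in seen:  # skip other lines and the log's doubled lines
            continue
        seen.add(raw.strip())
        ts, tunnel, state, msg = m.groups()
        state = int(state)
        when = datetime.strptime(ts, "%b %d %H:%M:%S %Y")
        if msg.startswith("initiating"):
            roles[state] = "initiator"
        elif msg.startswith("responding to"):
            roles[state] = "responder"
        if (n := IGNORED.search(msg)):
            ignored.add((state, n.group(1)))
        if (s := SA.search(msg)):
            sas.append({"time": when, "tunnel": tunnel, "state": state,
                        "role": roles.get(state, "unknown"),
                        "out_spi": s.group(1).zfill(8), "in_spi": s.group(2).zfill(8)})
    return sas, sorted(ignored)

def overlapping(sas, window_s=60):
    """Pairs of IPsec SAs for one tunnel set up within window_s seconds of each other."""
    return [(a["state"], b["state"]) for i, a in enumerate(sas) for b in sas[i + 1:]
            if a["tunnel"] == b["tunnel"]
            and abs((b["time"] - a["time"]).total_seconds()) <= window_s]
```

On the sample, `summarize` reports SA #2160 built as initiator and SA #2162 built as responder five seconds later, and `overlapping` returns that pair.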

Posted April 19, 2012 at 12:29 PM