WRVS4400N VPN Connectivity issue

balloonman01
Level 1

Hi -

I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues getting the VPN to "stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).

I am taking a hard look at the issue now, as about 1 month ago, the newest router "automagically" reset itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost its configuration. Again, reset it and all works. Including the VPN, but the VPN still works as it did before.... connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).

Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running). Yep, this sounds great, but I don't know how to read the messages (they're in English, but don't make any sense to me).

After rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #13: received and ignored informational message

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #11: received Delete SA payload: deleting ISAKMP State #11

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #11: received and ignored informational message

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: responding to Aggressive Mode, state #15, connection "GB-VPN" from 67.76.xxx.xxx

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R1: sent AR1, expecting AI2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: responding to Quick Mode {msgid:f3119ce2}

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}

6737667.

more ....

Subject: WRVS4400N Security Log [FE:68:6F]

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: responding to Aggressive Mode, state #39, connection "GB-VPN" from 67.76.xxx.xxx

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R1: sent AR1, expecting AI2

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: responding to Quick Mode {msgid:e11762ec}

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Dec  8 14:56:27  - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Dec  8 14:56:27  - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}

Dec  8 15:05:19  - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA

Also, I get this log quite often, but have no clue what it means, or if I should be concerned (but generally when the network is in use, but not necessarily the VPN connection):

Dec  8 04:09:38  - klips_debug:pfkey_acquire: no sockets registered for SAtype=ESP).

Also, I get this log often on one of the routers, but not so much on the other (and have no idea what this is):

Nov 27 00:22:22  - hit KRIS_DDOS_TYPE

Nov 27 00:25:26  - hit KRIS_DDOS_TYPE

thanks guys,

Brian
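Added example, not part of the original post: a small Python parser that tabulates the negotiation events in a log like the one above (ISAKMP and IPsec SA establishment, Delete SA payloads, and the "unknown (expired?) SA" message) and reports the state numbers and the time between successive ISAKMP SA establishments. The sample lines are excerpted from the post; the year is an assumption because the router log carries none, and the function names are illustrative.

```python
import re
from datetime import datetime

# Sample input: six lines excerpted from the log in the post (peer address masked as posted).
SAMPLE = """\
Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13
Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}
Dec  8 14:56:27  - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}
Dec  8 15:05:19  - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA
"""

# timestamp, then optionally: "connection name" #state-number, then the message text
LINE = re.compile(r'^(\w{3}\s+\d+ \d\d:\d\d:\d\d)\s+- \[VPN Log\]: '
                  r'(?:"([^"]+)" #(\d+): )?(.*)$')
KINDS = [("received Delete SA payload", "delete"),
         ("ISAKMP SA established", "phase1_up"),
         ("IPsec SA established", "phase2_up"),
         ("unknown (expired?) SA", "stale_sa")]

def parse(text, year=2000):
    """Return (timestamp, connection, state_no, kind) for each recognised line.
    `year` is an assumption: these log lines do not record one."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        kind = next((k for needle, k in KINDS if needle in m.group(4)), None)
        if kind:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            state = int(m.group(3)) if m.group(3) else None
            events.append((ts, m.group(2), state, kind))
    return events

def summarize(events):
    """Count event kinds and measure the time between ISAKMP SA establishments."""
    counts = {}
    for _, _, _, kind in events:
        counts[kind] = counts.get(kind, 0) + 1
    p1 = [(ts, st) for ts, _, st, kind in events if kind == "phase1_up"]
    gaps = [round((b[0] - a[0]).total_seconds() / 60) for a, b in zip(p1, p1[1:])]
    return {"counts": counts, "phase1_states": [st for _, st in p1],
            "phase1_gap_minutes": gaps}

if __name__ == "__main__":
    print(summarize(parse(SAMPLE)))
```

Run over a full night of emailed logs, the summary shows how often the tunnel is renegotiated and whether each Delete SA is followed by a fresh establishment.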

6 Replies

mikhail.brunes
Level 1

I have this same issue. I also tried creating continuous traffic across the VPNs via ping /t but no dice. The logs are not helpful for me either. Any ideas?

This entry is for IPS

Nov 27 00:25:26  - hit KRIS_DDOS_TYPE

Most of the other entries are VPN exchanges. You can disable the IPS to lighten the router load.

Can you post screenshot of both VPN configurations?

-Tom
Please mark answered for helpful posts

I have actually tried this as well and the connections still go down at random.

Both of these VPNs terminate to a SonicWall. One is the SonicWall at corp HQ and one at HR HQ. These SonicWalls are also linked to each other via a static VPN route. The keys are set; I just removed them for security.

These are the logs; I am so far not able to post pictures.

*OK, I guess I got the screenshots in*

Any ideas? The connection I consistently have problems with is BAX.