cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1716
Views
0
Helpful
6
Replies

WRVS4400N VPN Connectivity issue

balloonman01
Level 1
Level 1

Hi -

I have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations.  I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago.  I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern). 

I am taking a hard look at the issue now, as about 1 month ago, the newest router "automagically" reset it itself back to factory settings (thus interrupting nearly everything in our network).  After contacting support, we reset the router and re-configured it to our environment.  It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not).  Then about 1 week ago, the other/older (9 month old) router lost it's configuration.  again, reset it and all works.  Including the VPN, but the VPN still works as it did before.... connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).

Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running).  Yep, this sounds great, but I dont' know how to read the messages (there in english, but don't make any sense to me).

after rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #13: received Delete SA payload: deleting ISAKMP State #13

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #13: received and ignored informational message

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #11: received Delete SA payload: deleting ISAKMP State #11

Dec  8 05:30:17  - [VPN Log]: "GB-VPN" #11: received and ignored informational message

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [Dead Peer Detection]

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109

Dec  8 05:31:50  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: responding to Aggressive Mode, state #15, connection "GB-VPN" from 67.76.xxx.xxx

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R1: sent AR1, expecting AI2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #15: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: responding to Quick Mode {msgid:f3119ce2}

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Dec  8 05:31:50  - [VPN Log]: "GB-VPN" #16: STATE_QUICK_R2: IPsec SA established {ESP=x267c1391 <0xe101ca37 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}

6737667.

more ....

Subject: WRVS4400N Security Log [FE:68:6F]

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [RFC 3947] method set to9

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth8, but already using method 109

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth7, but already using method 109

Dec  8 14:56:26  - [VPN Log]: packet from 67.76.xxx.xxx:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: responding to Aggressive Mode, state #39, connection "GB-VPN" from 67.76.xxx.xxx

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R0 to state STATE_AGGR_R1

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R1: sent AR1, expecting AI2

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: Aggressive mode peer ID is ID_IPV4_ADDR: '67.76.xxx.xxx'

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: transition from state STATE_AGGR_R1 to state STATE_AGGR_R2

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #39: STATE_AGGR_R2: ISAKMP SA established {auth=KLEY_PRESHARED_KEY cipher=kley_3des_cbc_192 prf=kley_md5 group=dp768}

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: responding to Quick Mode {msgid:e11762ec}

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1

Dec  8 14:56:26  - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2

Dec  8 14:56:27  - [VPN Log]: "GB-VPN" #40: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2

Dec  8 14:56:27  - [VPN Log]: "GB-VPN" #40: STATE_QUICK_R2: IPsec SA established {ESP=x267c139d <0xe101ca43 xfrm=ES_0-HMAC_MD5 NATD=ne DPD=ne}

Dec  8 15:05:19  - [VPN Log]: packet from 67.76.xxx.xxx:500: Informational Exchange is for an unknown (expired?) SA

also, I get this log quite often, but have no clue what it means, or if I should be concerned (but generally when the network is in use, but not neccessarily the VPN connection)

:

Dec  8 04:09:38  - klips_debug:pfkey_acquire: no sockets registered for SAtype=ESP).

also, I get this log often on one of the routers, but not so much on the other (and have no idea what this is):

Nov 27 00:22:22  - hit KRIS_DDOS_TYPE

Nov 27 00:25:26  - hit KRIS_DDOS_TYPE

thanks guys,

Brian

6 Replies 6

mikhail.brunes
Level 1
Level 1

I have this same issue. I also tried creating continuous traffic across the vpns via ping /t but no dice. The logs are not helpful for me either. Any ideas?

This entry is for IPS

Nov 27 00:25:26  - hit KRIS_DDOS_TYPE

Most of the other entries are VPN exchanges. You can disable the IPS to lighten the router load.

Can you post screenshot of both VPN configurations?

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

I have actually tried this as well and the connections still go down at random.

Both of these vpn's terminate to a sonicwall. One is the sonicwall at corp HQ and one at HR HQ. These sonicwalls are also linked to each other via a static vpn route. The keys are set i just removed them for security.

These are the logs i am so far not able to post pictures.

*Ok i guess i got the screenshots in*

Any ideas? The connection i consistently have problems with is BAX.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: