
IPSEC VPN tunnel issue: Phase 2 negotiation failed due to time up

In our India office we have a Cisco SA520 firewall (public IP 182.72.111.18).

In our California office we have an ASA 5520 firewall (public IP 66.185.167.66).

We have had an IPSEC tunnel up for years and occasionally the tunnel breaks. Here is what I'm seeing on the SA520 log:

Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO:  Initiating new phase 2 negotiation: 182.72.111.18[0]<=>66.185.167.66[0]

Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA expired: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=135271603(0x81014b3)

Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA established: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=77516397(0x49ece6d)

Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA established: ESP/Tunnel 182.72.111.18->66.185.167.66 with spi=163242077(0x9bae05d)

Fri Mar 07 20:48:08 2014 (GMT +0530): [Cisco] [IKE] INFO:  Purged IPsec-SA with proto_id=ESP and spi=3829319182(0xe43ec60e).

Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up. 0c936dfa799d6715:c1cf3817aa9302a5:c4ec6232

Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'.

What could cause this to happen intermittently? I would think that a configuration mismatch would cause this to happen all the time.

thanks in advance
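
A small triage sketch for the log above, added here as an example and not part of the original post: it parses the SA520 IKE lines quoted in the post and, for each "time up" error, reports how long after the last phase 2 initiation it occurred and how many IPsec SAs were established in between. The function and event names are hypothetical; the message prefixes are taken from the posted log.

```python
import re
from datetime import datetime

# Log lines copied from the post (SA520 IKE log); all share one UTC offset,
# so the offset is ignored when computing time differences.
LOG = """\
Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO:  Initiating new phase 2 negotiation: 182.72.111.18[0]<=>66.185.167.66[0]
Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA expired: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=135271603(0x81014b3)
Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA established: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=77516397(0x49ece6d)
Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO:  IPsec-SA established: ESP/Tunnel 182.72.111.18->66.185.167.66 with spi=163242077(0x9bae05d)
Fri Mar 07 20:48:08 2014 (GMT +0530): [Cisco] [IKE] INFO:  Purged IPsec-SA with proto_id=ESP and spi=3829319182(0xe43ec60e).
Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] ERROR:  Phase 2 negotiation failed due to time up. 0c936dfa799d6715:c1cf3817aa9302a5:c4ec6232
Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'.
"""

LINE_RE = re.compile(r"^\w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) \(GMT [+-]\d{4}\): "
                     r"\[Cisco\] \[IKE\] \w+:\s+(.*)$")

# Message prefix -> event name; prefixes are taken from the log lines above.
EVENTS = {"Initiating new phase 2 negotiation": "p2_start",
          "IPsec-SA established": "sa_up",
          "Phase 2 negotiation failed due to time up": "p2_timeout"}

def parse(text):
    """Return [(datetime, event)] for each recognised IKE log line."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            event = next((e for p, e in EVENTS.items() if m.group(2).startswith(p)), "other")
            out.append((ts, event))
    return out

def timeouts(events):
    """Per timeout: seconds since the last phase 2 start, SAs established since."""
    report, start, sa_up = [], None, 0
    for ts, event in events:
        if event == "p2_start":
            start, sa_up = ts, 0
        elif event == "sa_up":
            sa_up += 1
        elif event == "p2_timeout":
            since = (ts - start).total_seconds() if start else None
            report.append({"at": ts.isoformat(), "since_start_s": since, "sa_up_since_start": sa_up})
    return report

if __name__ == "__main__":
    print(timeouts(parse(LOG)))
```

On the posted lines this reports one timeout, 69 seconds after the initiation logged at 20:47:37, with two IPsec SAs established in between.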
