
VPN tunnel fails on rekey

schant
Level 1

Using several VPN 3060s on both 4.1.2 and 4.7 software I see occasional tunnel disconnects which seem to be related to IKE rekeying. All are at 7h 36mins 32secs and the rekey timer is 8hrs. The clients are both 4.0.3F and 4.7. Has anyone else seen this, and if so, what's the solution?

Log :-

76018755 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15974 15974 10/30/2005 22:59:42.990 SEV=4 AUTH/28 RPT=306 {remote IP} User [XXX] Group [XXX_Group] disconnected: Session Type: IPSec/NAT-T Duration: 7:36:32 Bytes xmt: 62370096 Bytes rcv: 61278448 Reason: Lost Service

76018754 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15970 15970 10/30/2005 22:59:42.990 SEV=5 IKE/194 RPT=371 {remote IP} Group [XXX_Group] User [XXX] Sending IKE Delete With Reason message: No Reason Provided.

76018753 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15968 15968 10/30/2005 22:59:42.990 SEV=4 IKEDBG/97 RPT=3 {remote IP} Group [XX_Group] User [XXX] QM FSM error (P2 struct &0x17ad18cc, mess id 0x328d38e)!

76018714 VPN_CONC local7 notice notice bd 2005-10-30 22:57:17 15965 15965 10/30/2005 22:59:10.990 SEV=4 IKE/41 RPT=168 {remote IP} Group [XX_Group] User [XXX] IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer {remote IP} local Proxy Address 0.0.0.0, remote Proxy Address {local IP}, SA (ESP-AES256-SHA)

Thanks

SC

3 Replies

jackko
Level 7

The reason being given is "lost service". I guess the client may have a connectivity issue. Just wondering if this occurs at 7h36m32s every time.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml#general

This is just a single example from the logs. I've seen it with many different users on clients varying from 4.0.3 to 4.7 and it's always the same duration.

ovt
Level 4

I verified rekeying yesterday between 4.7.2 and the latest 4.7 client and it works fine. Try to set "Reauthentication on rekey" in Group setup to see what is happening. Also, look through the client log file.
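
One way to check whether disconnects in a concentrator log line up with Phase 2 rekeys, as an added example that is not part of the original thread: it pairs each AUTH/28 disconnect with an IKE/41 "Rekeying Phase 2" event for the same peer and user inside an assumed 60-second window, and records whether an IKEDBG/97 QM FSM error occurred in between. The sample lines, addresses, user names and the window length are constructed for illustration, following the log format in the first post.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines modelled on the log excerpt in the thread (newest
# first, as posted). Addresses, users and groups are placeholders.
SAMPLE_LOG = """\
15974 10/30/2005 22:59:42.990 SEV=4 AUTH/28 RPT=306 192.0.2.10 User [alice] Group [Example_Group] disconnected: Session Type: IPSec/NAT-T Duration: 7:36:32 Bytes xmt: 62370096 Bytes rcv: 61278448 Reason: Lost Service
15970 10/30/2005 22:59:42.990 SEV=5 IKE/194 RPT=371 192.0.2.10 Group [Example_Group] User [alice] Sending IKE Delete With Reason message: No Reason Provided.
15968 10/30/2005 22:59:42.990 SEV=4 IKEDBG/97 RPT=3 192.0.2.10 Group [Example_Group] User [alice] QM FSM error (P2 struct &0x17ad18cc, mess id 0x328d38e)!
15965 10/30/2005 22:59:10.990 SEV=4 IKE/41 RPT=168 192.0.2.10 Group [Example_Group] User [alice] IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer 192.0.2.10 local Proxy Address 0.0.0.0, remote Proxy Address 10.0.0.5, SA (ESP-AES256-SHA)
15901 10/30/2005 21:10:05.120 SEV=4 AUTH/28 RPT=305 192.0.2.20 User [bob] Group [Example_Group] disconnected: Session Type: IPSec/NAT-T Duration: 1:02:11 Bytes xmt: 1024 Bytes rcv: 2048 Reason: User Requested
15800 10/30/2005 20:00:00.000 SEV=4 IKE/41 RPT=167 192.0.2.30 Group [Example_Group] User [carol] IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer 192.0.2.30 local Proxy Address 0.0.0.0, remote Proxy Address 10.0.0.6, SA (ESP-AES256-SHA)
"""

EVENT = re.compile(r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) SEV=\d+ (\S+) RPT=\d+ (\S+) (.*)")
USER = re.compile(r"User \[([^\]]*)\]")
DISCONNECT = re.compile(r"Duration: (\S+) .*Reason: (.+)$")

def parse(text):
    """Yield (timestamp, event_id, peer, user, message) for each event line."""
    for line in text.splitlines():
        m = EVENT.search(line)  # search() skips any syslog prefix before the date
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
        user = USER.search(m.group(4))
        yield ts, m.group(2), m.group(3), user.group(1) if user else None, m.group(4)

def rekey_disconnects(text, window=timedelta(seconds=60)):
    """Return disconnects that follow a Phase 2 rekey for the same peer and user."""
    events = list(parse(text))  # matched by time, so input order does not matter
    findings = []
    for ts, eid, peer, user, msg in events:
        d = DISCONNECT.search(msg) if eid == "AUTH/28" else None
        if not d:
            continue
        same = [e for e in events if e[2] == peer and e[3] == user]
        rekeys = [e[0] for e in same if e[1] == "IKE/41"
                  and "Rekeying Phase 2" in e[4] and timedelta(0) <= ts - e[0] <= window]
        if rekeys:
            qm = any(e[1] == "IKEDBG/97" and "QM FSM error" in e[4]
                     and min(rekeys) <= e[0] <= ts for e in same)
            findings.append({"user": user, "peer": peer, "duration": d.group(1),
                             "reason": d.group(2), "qm_fsm_error": qm})
    return findings

if __name__ == "__main__":
    for f in rekey_disconnects(SAMPLE_LOG):
        print(f)
```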