Cisco Support Community

New Member

vpn tunnel fails on rekey

Using several VPN 3060s on both 4.1.2 and 4.7 software I see occasional tunnel disconnects which seem to be related to IKE rekeying. All are at 7h 36mins 32secs and the rekey timer is 8hrs. The clients are both 4.0.3F and 4.7. Has anyone else seen this, and if so, what's the solution?

Log :-

76018755 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15974 15974 10/30/2005 22:59:42.990 SEV=4 AUTH/28 RPT=306 {remote IP} User [XXX] Group [XXX_Group] disconnected: Session Type: IPSec/NAT-T Duration: 7:36:32 Bytes xmt: 62370096 Bytes rcv: 61278448 Reason: Lost Service

76018754 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15970 15970 10/30/2005 22:59:42.990 SEV=5 IKE/194 RPT=371 {remote IP} Group [XXX_Group] User [XXX] Sending IKE Delete With Reason message: No Reason Provided.

76018753 VPN_CONC local7 notice notice bd 2005-10-30 22:57:49 15968 15968 10/30/2005 22:59:42.990 SEV=4 IKEDBG/97 RPT=3 {remote IP} Group [XX_Group] User [XXX] QM FSM error (P2 struct &0x17ad18cc, mess id 0x328d38e)!

76018714 VPN_CONC local7 notice notice bd 2005-10-30 22:57:17 15965 15965 10/30/2005 22:59:10.990 SEV=4 IKE/41 RPT=168 {remote IP} Group [XX_Group] User [XXX] IKE Initiator: Rekeying Phase 2, Intf 2, IKE Peer {remote IP} local Proxy Address 0.0.0.0, remote Proxy Address {local IP}, SA (ESP-AES256-SHA)

Thanks

SC
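An added example, not part of the original post or of any Cisco tooling: a Python script that correlates the event IDs seen in the excerpt above (IKE/41 rekey, IKEDBG/97 QM FSM error, AUTH/28 disconnect) per user and tallies the session durations of disconnects that follow a Phase 2 rekey. The sample lines are constructed in the same format with the syslog prefix trimmed; the 60-second correlation window and the function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the format of the log excerpt above
# (syslog prefix trimmed; addresses, groups and user names are placeholders).
SAMPLE = """\
10/30/2005 22:59:10.990 SEV=4 IKE/41 RPT=168 192.0.2.10 Group [G1] User [alice] IKE Initiator: Rekeying Phase 2, Intf 2
10/30/2005 22:59:42.990 SEV=4 IKEDBG/97 RPT=3 192.0.2.10 Group [G1] User [alice] QM FSM error (P2 struct &0x0, mess id 0x0)!
10/30/2005 22:59:42.990 SEV=5 IKE/194 RPT=371 192.0.2.10 Group [G1] User [alice] Sending IKE Delete With Reason message: No Reason Provided.
10/30/2005 22:59:42.990 SEV=4 AUTH/28 RPT=306 192.0.2.10 User [alice] Group [G1] disconnected: Session Type: IPSec/NAT-T Duration: 7:36:32 Bytes xmt: 1 Bytes rcv: 1 Reason: Lost Service
10/30/2005 23:10:00.000 SEV=4 AUTH/28 RPT=307 192.0.2.20 User [bob] Group [G1] disconnected: Session Type: IPSec/NAT-T Duration: 1:02:03 Bytes xmt: 1 Bytes rcv: 1 Reason: User Requested
"""

EVENT = re.compile(r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d+) SEV=\d+ (\w+/\d+) RPT=\d+ \S+ (.*)")
USER = re.compile(r"User \[([^\]]*)\]")
DISC = re.compile(r"Duration: (\S+) .*Reason: (.+)$")

def rekey_disconnects(text, window=timedelta(seconds=60)):
    """Return (user, duration, reason, saw_qm_error) for each disconnect that
    follows a Phase 2 rekey for the same user within `window`."""
    events = []
    for line in text.splitlines():
        m, u = EVENT.search(line), USER.search(line)
        if m and u:
            ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S.%f")
            events.append((ts, m.group(2), m.group(3), u.group(1)))
    if events and events[0][0] > events[-1][0]:
        events.reverse()  # newest-first export, as in the excerpt above
    rekey_at, qm_error, hits = {}, set(), []
    for ts, event, msg, user in events:
        if event == "IKE/41" and "Rekeying Phase 2" in msg:
            rekey_at[user] = ts
            qm_error.discard(user)
        elif event == "IKEDBG/97" and user in rekey_at:
            qm_error.add(user)
        elif event == "AUTH/28" and (d := DISC.search(msg)):
            start = rekey_at.pop(user, None)
            if start is not None and ts - start <= window:
                hits.append((user, d.group(1), d.group(2).strip(), user in qm_error))
            qm_error.discard(user)
    return hits

def duration_histogram(hits):
    """Count identical durations; one dominant value points at a timer, not a flaky link."""
    return Counter(duration for _, duration, _, _ in hits)
```

Run over a full day of concentrator logs, a histogram dominated by a single duration separates timer-driven rekey failures from ordinary client connectivity drops.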

3 REPLIES
Gold

Re: vpn tunnel fails on rekey

The reason being given is "lost service". I guess the client may have a connectivity issue. Just wondering if this occurs at 7h36m32s every time.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml#general

New Member

Re: vpn tunnel fails on rekey

This is just a single example from the logs. I've seen it with many different users on clients varying from 4.0.3 to 4.7 and it's always the same duration.

ovt Bronze

Re: vpn tunnel fails on rekey

I verified rekeying yesterday between 4.7.2 and the latest 4.7 client and it works fine. Try to set "Reauthentication on rekey" in Group setup to see what is happening. Also, look through the client log file.
