RVS4000/ASA IPSec Tunnels

Linksys, Netgear, SonicWall, etc. Web-based configurations for routers.

RVS4000/ASA IPSec Tunnels

Post by Guest »

We have an ASA as a central hub in an IPSec VPN community, with four RVS4000 branch office routers connecting into it. Setting up the VPN tunnels worked fine, except after a while the tunnels seem to disconnect all by themselves, and they will not reconnect. Browsing the ASA's logs we get:

IP = xx.yy.zz.aa, Received encrypted packet with no matching SA, dropping

where xx.yy.zz.aa is the remote peer, and on the RVS side we get:

[VPN Log]: "TIMB-ELMS" #10: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

If I restart the RVS4000, the VPN connects just fine. If I let it sit for a while (like an hour or so) and hit connect, it connects just fine as well. Furthermore, if I enter the configuration screen for the VPN tunnel on the RVS and hit SAVE (making no changes), it also connects. Just over time it seems to disconnect, and will not reconnect without a restart.

FYI: There are RVS<=>RVS tunnels in place as well, and they stay up just fine ... it is just the connections to the ASA that seem to drop and not want to reconnect. Can anyone enlighten me as to the source of the problem?

Re:RVS4000/ASA IPSec Tunnels

Post by Guest »

More info: After much research and diagnosis I changed a few things:

i. Changed the Pre-Shared key to include only hexadecimal numbers (0-9, A-z) ... apparently having special characters can cause problems?
ii. Changed the _names_ of the IPSec tunnels to only alphabetic characters ... again, apparently having special characters might be an issue
iii. Changed the MTU for all RVS routers and the ASA to a max of 1400 instead of the default 1518 to avoid possible fragmentation issues from the IPSec overhead

However, the same issues persist ... if I restart the RVS device that currently fails to connect, the tunnel comes up first time every time. But, over time they will disconnect and I cannot manually reconnect them (same errors above).

Further analysis shows the disconnect issue I think... it's on the RVS end, and research shows many people are experiencing this problem with the OpenSwan IPSec on Linux, which I highly suspect is inside these RVS routers. The log when the tunnel crashes looks like this:

Mar 23 07:03:32 - [VPN Log]: "TIMBSPRY" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK+UP {using isakmp#3}
Mar 23 07:03:32 - [VPN Log]: "TIMBSPRY" #8: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Mar 23 07:03:32 - [VPN Log]: "TIMBSPRY" #8: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xae33433c <0x31660547 xfrm=3DES_0-HMAC_SHA1 NATD=24.222.15.114:500 DPD=none}
Mar 23 07:03:41 - [VPN Log]: shutting down
Mar 23 07:03:41 - [VPN Log]: forgetting secrets
Mar 23 07:03:41 - [VPN Log]: "TIMBSPRY": deleting connection
Mar 23 07:03:41 - [VPN Log]: "TIMBSPRY" #8: deleting state (STATE_QUICK_I2)
Mar 23 07:03:42 - [VPN Log]: ERROR: "TIMBSPRY" #8: pfkey write() of SADB_X_ADDFLOW message 43 for flow %trap failed. Errno 14: Bad address
Mar 23 07:03:42 - [VPN Log]: "TIMBSPRY" #5: deleting state (STATE_QUICK_R2)
Mar 23 07:03:42 - [VPN Log]: "TIMBSPRY" #4: deleting state (STATE_QUICK_I2)
Mar 23 07:03:42 - [VPN Log]: "TIMBSPRY" #3: deleting state (STATE_MAIN_I4)
Mar 23 07:03:42 - [VPN Log]: ERROR: "TIMBSPRY": pfkey write() of SADB_X_DELFLOW message 50 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Mar 23 07:03:43 - [VPN Log]: "TIMBSPRY": unroute-client output: 0
Mar 23 07:03:43 - [VPN Log]: "SHUBSPRY": deleting connection
Mar 23 07:03:43 - [VPN Log]: "SHUBSPRY" #7: deleting state (STATE_QUICK_I2)
Mar 23 07:03:43 - [VPN Log]: ERROR: "SHUBSPRY" #7: pfkey write() of SADB_X_ADDFLOW message 51 for flow %trap failed. Errno 14: C
Mar 23 07:03:43 - [VPN Log]: "SHUBSPRY" #6: deleting state (STATE_MAIN_I4)
Mar 23 07:03:43 - [VPN Log]: ERROR: "SHUBSPRY": pfkey write() of SADB_X_DELFLOW message 54 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Mar 23 07:03:44 - [VPN Log]: "SHUBSPRY": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete 192.168.2.0/24 via 24.222.16.69 dev ipsec0 failed (ip: RTNETLINK answers: No such process)
Mar 23 07:03:44 - [VPN Log]: "SHUBSPRY": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete 192.168.2.0/24 via 24.222.16.69 dev ipsec0 failed (ip: RTNETLINK answers: No such process)
Mar 23 07:03:45 - [VPN Log]: "SHUBSPRY": unroute-client output: we add the route in manual form
Mar 23 07:03:45 - [VPN Log]: "SHUBSPRY": unroute-client output: route add -net 192.168.2.0 netmask 255.255.255.0 dev ipsec0
Mar 23 07:03:45 - [VPN Log]: "SHUBSPRY": unroute-client output: 1
Mar 23 07:03:45 - [VPN Log]: "SPRYELMS": deleting connection
Mar 23 07:03:45 - [VPN Log]: "SPRYELMS" #2: deleting state (STATE_QUICK_I2)
Mar 23 07:03:45 - [VPN Log]: ERROR: "SPRYELMS" #2: pfkey write() of SADB_X_ADDFLOW message 55 for flow %trap failed. Errno 14: Bad address
Mar 23 07:03:45 - [VPN Log]: "SPRYELMS" #1: deleting state (STATE_MAIN_I4)
Mar 23 07:03:45 - [VPN Log]: ERROR: "SPRYELMS": pfkey write() of SADB_X_DELFLOW message 58 for flow int.0@0.0.0.0 failed. Errno 14: Bad address
Mar 23 07:03:46 - [VPN Log]: "SPRYELMS": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete 192.168.0.0/24 via 24.222.16.69 dev ipsec0 failed (ip: RTNETLINK answers: No such process)
Mar 23 07:03:46 - [VPN Log]: "SPRYELMS": unroute-client output: /usr/local/lib/ipsec/_updown: doroute `ip route delete 192.168.0.0/24 via 24.222.16.69 dev ipsec0 failed (ip: RTNETLINK answers: No such process)
Mar 23 07:03:46 - [VPN Log]: "SPRYELMS": unroute-client output: we add the route in manual form
Mar 23 07:03:46 - [VPN Log]: "SPRYELMS": unroute-client output: route add -net 192.168.0.0 netmask 255.255.255.0 dev ipsec0
Mar 23 07:03:46 - [VPN Log]: "SPRYELMS": unroute-client output: 1
Mar 23 07:03:46 - [VPN Log]: shutting down interface ipsec0/eth1 24.222.16.70:4500
Mar 23 07:03:46 - [VPN Log]: shutting down interface ipsec0/eth1 24.222.16.70:500
Mar 23 07:03:49 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Mar 23 07:03:49 - [VPN Log]: @(#) built on Oct 27 2009:16:21:09:
Mar 23 07:03:49 - [VPN Log]: Setting NAT-Traversal port-4500 floating to on
Mar 23 07:03:49 - [VPN Log]: port floating activation criteria nat_t=1/port_fload=1
Mar 23 07:03:49 - [VPN Log]: including NAT-Traversal patch (Version 0.6c)
Mar 23 07:03:49 - [VPN Log]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Mar 23 07:03:49 - [VPN Log]: starting up 1 cryptographic helpers
Mar 23 07:03:49 - [VPN Log]: started helper pid=2182 (fd:5)
Mar 23 07:03:49 - [VPN Log]: Using KLIPS IPsec interface code on 2.4.27-star
Mar 23 07:03:49 - [VPN Log]: Changing to directory /etc/ipsec.d/cacerts
Mar 23 07:03:49 - [VPN Log]: Changing to directory /etc/ipsec.d/aacerts
Mar 23 07:03:49 - [VPN Log]: Changing to directory /etc/ipsec.d/ocspcerts
Mar 23 07:03:49 - [VPN Log]: Changing to directory /etc/ipsec.d/crls
Mar 23 07:03:49 - [VPN Log]: Warning: empty directory
Mar 23 07:03:49 - [VPN Log]: added connection description "SPRYELMS"
Mar 23 07:03:49 - [VPN Log]: listening for IKE messages
Mar 23 07:03:50 - [VPN Log]: adding interface ipsec0/eth1 24.222.16.70:500
Mar 23 07:03:50 - [VPN Log]: adding interface ipsec0/eth1 24.222.16.70:4500
Mar 23 07:03:50 - [VPN Log]: loading secrets from "/etc/ipsec.secrets"
Mar 23 07:03:51 - [VPN Log]: "SPRYELMS": route-client output: 0
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [Openswan (this version) cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [Dead Peer Detection]
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [RFC 3947] method set to=109
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Mar 23 07:03:51 - [VPN Log]: packet from 24.222.15.114:500: initial Main Mode message received on 24.222.16.70:500 but no connection has been authorized
Mar 23 07:03:51 - [VPN Log]: "SPRYELMS" #1: initiating Main Mode
Mar 23 07:03:51 - [VPN Log]: added connection description "TIMBSPRY"

Re:RVS4000/ASA IPSec Tunnels

Post by Guest »

Sounds like you may need to shorten your key timers. Try cutting each timer in half. See if that helps. Bill

Re:RVS4000/ASA IPSec Tunnels

Post by Guest »

Thanks Bill, but I've tried all sorts of timers; we ended up putting them extremely high (24hrs) simply to give a consistent working day w/o disconnection. Final solution was to pull the RVS4000s and put in RV042s.

After much digging I found the problem: The RVS VPN module was burping on the ASA VPN tunnel because of an invalid packet -- turns out to be the ASA's Keepalive packet. If I turn off the Keepalive/DPD on the ASA the problem stopped, however the application they're using over the tunnel is a little particular about consistent connections. If the tunnel drops due to inactivity, and a packet is lost while the tunnel rebuilds when traffic begins again, the application freezes (I know, poorly written app, but it is what I've got to work with here). We need the tunnels to be maintained all the time, so KeepAlive is required. I invested in the RV042s because they properly support the Keepalive/DPD features. All is good now.
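
Added example, not part of any post in this thread: a small Python triage script that scans an RVS4000 "[VPN Log]" export for the symptoms described above, namely a Pluto shutdown followed by a restart, tunnels deleted during that shutdown, pfkey write() errors, SAs established with DPD=none, and Quick Mode retransmission exhaustion. The function name, the 30-second restart window, the placeholder year and the timestamp on the last sample line are assumptions.

```python
import re
from datetime import datetime

# Sample lines copied from the log excerpts quoted in the thread; the timestamp
# on the last line is constructed (the original post gave none).
SAMPLE_LOG = """\
Mar 23 07:03:32 - [VPN Log]: "TIMBSPRY" #8: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xae33433c <0x31660547 xfrm=3DES_0-HMAC_SHA1 NATD=24.222.15.114:500 DPD=none}
Mar 23 07:03:41 - [VPN Log]: shutting down
Mar 23 07:03:41 - [VPN Log]: "TIMBSPRY": deleting connection
Mar 23 07:03:42 - [VPN Log]: ERROR: "TIMBSPRY" #8: pfkey write() of SADB_X_ADDFLOW message 43 for flow %trap failed. Errno 14: Bad address
Mar 23 07:03:43 - [VPN Log]: "SHUBSPRY": deleting connection
Mar 23 07:03:49 - [VPN Log]: Starting Pluto (Openswan Version cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OE@ECqImzhFD)
Mar 23 09:10:05 - [VPN Log]: "TIMB-ELMS" #10: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
"""

LINE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) - \[VPN Log\]: (.*)$')
CONN = re.compile(r'"([^"]+)"')

def triage(log_text, restart_window=30):
    """Summarise tunnel-drop symptoms in an RVS4000/Openswan VPN log."""
    rep = {"restart_gaps": [], "dropped": set(), "pfkey_errors": 0,
           "no_dpd": set(), "qm_failures": set()}
    shutdown_at = None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped fragments or lines from another source
        # The log carries no year; 2000 is an arbitrary placeholder (assumption).
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        msg = m.group(2).strip()  # hex dump rows start with "|" and match nothing below
        conn = CONN.search(msg)
        name = conn.group(1) if conn else None
        if msg == "shutting down":
            shutdown_at = ts
        elif msg.startswith("Starting Pluto") and shutdown_at is not None:
            gap = int((ts - shutdown_at).total_seconds())
            if 0 <= gap <= restart_window:
                rep["restart_gaps"].append(gap)  # daemon restart, seconds down
            shutdown_at = None
        elif msg.endswith("deleting connection") and shutdown_at is not None and name:
            rep["dropped"].add(name)  # tunnel torn down by the daemon shutdown
        elif "pfkey write()" in msg and "failed" in msg:
            rep["pfkey_errors"] += 1
        elif "IPsec SA established" in msg and "DPD=none" in msg and name:
            rep["no_dpd"].add(name)  # SA negotiated without Dead Peer Detection
        elif "max number of retransmissions" in msg and "STATE_QUICK_I1" in msg and name:
            rep["qm_failures"].add(name)  # Quick Mode initiator gave up
    return rep

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

A restart that drops every tunnel on the box, together with SAs reported as DPD=none, is the pattern to compare against the peer's keepalive/DPD setting.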