IPSEC Site to Site tunnel starts to drop packets after 20 mins of tunnel establishment

We have a site-to-site tunnel in both Sophos Gateways.

The configuration used IKEv2 on both sites and the configs are identical. The problem is that the tunnel remains up but the packets start to drop after 20 mins. The tunnel has to be re-established.

The GUI logs show: the received IKE_SA proposals did not match: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048

But I don't see any difference between both sites' configs. However, recently I have changed one site to Responder Only and the branch site to Initiator.

What might be the reason?

BR/ARIQ



  • Hello,

    Thank you for reaching out to the community. Next time, if the issue recurs, please share more detailed logs to determine what could have caused it:
    > to enable/disable the debug from the advanced shell: service strongswan:debug -ds nosync
    > log directory: /log/strongswan.log

    IPsec troubleshooting and most common errors: support.sophos.com/.../KB-000038566

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 
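
For a log of the kind this reply asks for, the following Python script is an added example (not part of any post in this thread, and not Sophos code). It reports each interval between a peer-sent IKE_SA DELETE and the next successful establishment, counts the NO_PROPOSAL_CHOSEN rejections in between, and splits the logged proposal list into transform types. The sample lines are constructed in the format of the log posted in this thread, with documentation IP addresses in place of the redacted ones; the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample in the format of the strongSwan log posted in this thread;
# 203.0.113.10 and 198.51.100.20 are documentation addresses, not real peers.
SAMPLE_LOG = """\
2022-05-26 03:32:27Z 25[IKE] <TSG_IPSEC-1|2507> sending DPD request
2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> received DELETE for IKE_SA TSG_IPSEC-1[2507]
2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> initiating IKE_SA TSG_IPSEC-1[2518] to 203.0.113.10
2022-05-26 03:32:46Z 09[IKE] <TSG_IPSEC-1|2518> received NO_PROPOSAL_CHOSEN notify error
2022-05-26 03:32:46Z 09[DMN] <TSG_IPSEC-1|2518> [GARNER-LOGGING] (child_alert) ALERT: the received IKE_SA proposals did not match: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_GCM_16_128/PRF_HMAC_SHA2_256/ECP_256/MODP_2048
2022-05-26 03:32:46Z 09[IKE] <TSG_IPSEC-1|2518> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec
2022-05-26 03:33:46Z 26[IKE] <TSG_IPSEC-1|2519> initiating IKE_SA TSG_IPSEC-1[2519] to 203.0.113.10
2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> IKE_SA TSG_IPSEC-1[2519] established between 198.51.100.20[198.51.100.20]...203.0.113.10[203.0.113.10]
"""

# timestamp, thread[subsystem], optional <connection|sa-id>, message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)Z \d+\[(?P<sub>\w+)\]\s*"
    r"(?:<(?P<conn>[^|>]+)\|(?P<sa>\d+)>)?\s*(?P<msg>.*)$"
)
MISMATCH = "proposals did not match:"


def transform_type(name):
    """Map a transform name from the log to its IKEv2 transform type."""
    if name.startswith("PRF_"):          # must be tested before HMAC_
        return "prf"
    if name.startswith("HMAC_"):
        return "integ"
    if name.startswith(("ECP_", "MODP_", "CURVE_")):
        return "dh"
    if name.startswith(("AES_", "CAMELLIA_")):
        return "encr"
    return "other"


def parse_proposals(msg):
    """Split 'IKE:a/b/c, IKE:d/e' into one {type: [names]} dict per proposal."""
    listed = msg.split(MISMATCH, 1)[1]
    proposals = []
    for item in listed.split(","):
        item = item.strip()
        if not item:
            continue
        by_type = {}
        for name in item.split(":", 1)[-1].split("/"):
            by_type.setdefault(transform_type(name), []).append(name)
        proposals.append(by_type)
    return proposals


def triage(log_text):
    """Return one record per outage: peer DELETE -> next IKE_SA established."""
    open_outage = {}   # connection name -> outage still in progress
    outages = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m["conn"]:
            continue                     # helper-thread lines carry no <conn|id>
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        conn, msg = m["conn"], m["msg"]
        if "received DELETE for IKE_SA" in msg:
            open_outage[conn] = {"conn": conn, "down_at": ts, "rejected": 0,
                                 "proposals": [], "up_at": None,
                                 "downtime_s": None}
        elif conn in open_outage:
            cur = open_outage[conn]
            if "received NO_PROPOSAL_CHOSEN" in msg:
                cur["rejected"] += 1
            elif MISMATCH in msg:
                cur["proposals"] = parse_proposals(msg)
            elif msg.startswith("IKE_SA") and "established between" in msg:
                cur["up_at"] = ts
                cur["downtime_s"] = int((ts - cur["down_at"]).total_seconds())
                outages.append(open_outage.pop(conn))
    outages.extend(open_outage.values())  # still down when the log ends
    return outages


if __name__ == "__main__":
    for o in triage(SAMPLE_LOG):
        print(o["conn"], "down", o["down_at"], "rejected", o["rejected"],
              "downtime_s", o["downtime_s"])
        for i, p in enumerate(o["proposals"], 1):
            print("  proposal", i, p)
```

Running `triage()` on the logs from both gateways for the same time window shows which side sent the DELETE and how long each connection stayed down.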



  • Hi

    Here is the scenario

    TSG is the DC FW (subnets are: 10.255.255.0/24, 10.80.120.0/24 and 10.80.122.0/24)

    Mandoon is the Branch Firewall

    IPsec Tunnel name: TSG_Ipsec-1

    Logs are given below:

  • A part of the log:

    2022-05-26 03:31:57Z 09[IKE] <TSG_IPSEC-1|2507> sending DPD request
    2022-05-26 03:31:57Z 09[ENC] <TSG_IPSEC-1|2507> generating INFORMATIONAL request 513 [ ]
    2022-05-26 03:31:57Z 09[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:31:57Z 30[NET] <TSG_IPSEC-1|2507> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:31:57Z 30[ENC] <TSG_IPSEC-1|2507> parsed INFORMATIONAL request 96 [ ]
    2022-05-26 03:31:57Z 30[ENC] <TSG_IPSEC-1|2507> generating INFORMATIONAL response 96 [ ]
    2022-05-26 03:31:57Z 30[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:31:57Z 14[NET] <TSG_IPSEC-1|2507> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:31:57Z 14[ENC] <TSG_IPSEC-1|2507> parsed INFORMATIONAL response 513 [ ]
    2022-05-26 03:31:58Z 07[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:31:58Z 07[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 75 [ ]
    2022-05-26 03:31:58Z 07[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:31:58Z 29[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:31:58Z 29[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 102 [ ]
    2022-05-26 03:31:58Z 29[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 102 [ ]
    2022-05-26 03:31:58Z 29[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:31:58Z 28[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:31:58Z 28[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 75 [ ]
    2022-05-26 03:31:58Z 20[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:31:58Z 20[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 65 [ ]
    2022-05-26 03:31:58Z 20[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 65 [ ]
    2022-05-26 03:31:58Z 20[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:19Z 10[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:19Z 10[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 72 [ ]
    2022-05-26 03:32:19Z 10[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 72 [ ]
    2022-05-26 03:32:19Z 10[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:27Z 25[IKE] <TSG_IPSEC-1|2507> sending DPD request
    2022-05-26 03:32:27Z 25[ENC] <TSG_IPSEC-1|2507> generating INFORMATIONAL request 514 [ ]
    2022-05-26 03:32:27Z 25[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:32:27Z 17[NET] <TSG_IPSEC-1|2507> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:32:27Z 17[ENC] <TSG_IPSEC-1|2507> parsed INFORMATIONAL request 97 [ ]
    2022-05-26 03:32:27Z 17[ENC] <TSG_IPSEC-1|2507> generating INFORMATIONAL response 97 [ ]
    2022-05-26 03:32:27Z 17[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:32:27Z 27[NET] <TSG_IPSEC-1|2507> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:32:27Z 27[ENC] <TSG_IPSEC-1|2507> parsed INFORMATIONAL response 514 [ ]
    2022-05-26 03:32:28Z 05[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:32:28Z 05[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 76 [ ]
    2022-05-26 03:32:28Z 05[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:28Z 18[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:28Z 18[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 103 [ ]
    2022-05-26 03:32:28Z 18[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 103 [ ]
    2022-05-26 03:32:28Z 18[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:28Z 06[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:28Z 06[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 76 [ ]
    2022-05-26 03:32:28Z 23[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:28Z 23[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 66 [ ]
    2022-05-26 03:32:28Z 23[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 66 [ ]
    2022-05-26 03:32:28Z 23[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:46Z 10[NET] <TSG_IPSEC-1|2507> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:32:46Z 10[ENC] <TSG_IPSEC-1|2507> parsed INFORMATIONAL request 98 [ D ]
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> received DELETE for IKE_SA TSG_IPSEC-1[2507]
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> deleting IKE_SA TSG_IPSEC-1[2507] between ((Mandoon Public IP))[((Mandoon Public IP))]...((TSG-DC_FW_Public IP))[((TSG-DC_FW_Public IP))]
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> restarting CHILD_SA TSG_IPSEC-1
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> initiating IKE_SA TSG_IPSEC-1[2518] to ((TSG-DC_FW_Public IP))
    2022-05-26 03:32:46Z 10[ENC] <TSG_IPSEC-1|2507> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    2022-05-26 03:32:46Z 10[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (718 bytes)
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> restarting CHILD_SA TSG_IPSEC-3
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> restarting CHILD_SA TSG_IPSEC-2
    2022-05-26 03:32:46Z 10[IKE] <TSG_IPSEC-1|2507> IKE_SA deleted
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (192.168.100.0/24#10.255.255.0/24)
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 3 to 2 -- down -- (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2507 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-client
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (192.168.100.0/24#10.80.120.0/24)
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 2 to 1 -- down -- (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2507 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) !!SKIP!! IPsec IKE for remotes (((Mandoon Public IP)) to ((TSG-DC_FW_Public IP))) already set up
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-client
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting) ref_count: 1 to 0 -- down -- (192.168.100.0/24#10.80.122.0/24)
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 1 to 0 -- down -- (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2507 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:32:46Z 10[APP] <TSG_IPSEC-1|2507> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' down-client
    2022-05-26 03:32:46Z 10[ENC] <TSG_IPSEC-1|2507> generating INFORMATIONAL response 98 [ ]
    2022-05-26 03:32:46Z 10[NET] <TSG_IPSEC-1|2507> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:32:46Z 15[APP]  
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:32:46Z 15[APP]
    2022-05-26 03:32:46Z 09[NET] <TSG_IPSEC-1|2518> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (36 bytes)
    2022-05-26 03:32:46Z 09[ENC] <TSG_IPSEC-1|2518> parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]
    2022-05-26 03:32:46Z 09[IKE] <TSG_IPSEC-1|2518> received NO_PROPOSAL_CHOSEN notify error
    2022-05-26 03:32:46Z 09[DMN] <TSG_IPSEC-1|2518> [GARNER-LOGGING] (child_alert) ALERT: the received IKE_SA proposals did not match: IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256, IKE:AES_CBC_128/AES_CBC_192/AES_CBC_256/CAMELLIA_CBC_128/CAMELLIA_CBC_192/CAMELLIA_CBC_256/HMAC_SHA2_256_128/HMAC_SHA2_384_192/HMAC_SHA2_512_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048, IKE:AES_GCM_16_128/AES_GCM_16_192/AES_GCM_16_256/AES_GCM_12_128/AES_GCM_12_192/AES_GCM_12_256/AES_GCM_8_128/AES_GCM_8_192/AES_GCM_8_256/PRF_HMAC_SHA2_256/PRF_HMAC_SHA2_384/PRF_HMAC_SHA2_512/ECP_256/ECP_384/ECP_521/ECP_256_BP/ECP_384_BP/ECP_512_BP/CURVE_25519/MODP_3072/MODP_4096/MODP_8192/MODP_2048
    2022-05-26 03:32:46Z 09[IKE] <TSG_IPSEC-1|2518> IKE_SA NO_PROPOSAL_CHOSEN set_condition COND_START_OVER
    2022-05-26 03:32:46Z 09[IKE] <TSG_IPSEC-1|2518> IKE_SA has_condition COND_START_OVER retry initiate in 60 sec
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 10.255.255.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (add_routes) no routes to del for TSG_IPSEC on interface ipsec0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.255.255.0/24","connop":"0","iface":"unknown","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"down","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.255.255.0/24","reason":"0"}'': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) !!SKIP!! IPsec IKE for remotes (((Mandoon Public IP)) to ((TSG-DC_FW_Public IP))) already set up
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:32:46Z 15[APP]  
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:32:46Z 15[APP]
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 10.80.120.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN] (add_routes) no routes to del for TSG_IPSEC on interface ipsec0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:46Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.80.120.0/24","connop":"0","iface":"unknown","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"down","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.80.120.0/24","reason":"0"}'': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown -- down --
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"((Mandoon Public IP))","remote_server":"((TSG-DC_FW_Public IP))","action":"disable","family":"0","conntype":"ntn","compress":"1"}'': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown -- down --
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:32:47Z 15[APP]  
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:32:47Z 15[APP]
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route del 10.80.122.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN] (add_routes) no routes to del for TSG_IPSEC on interface ipsec0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:47Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:32:48Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.80.122.0/24","connop":"0","iface":"unknown","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:32:48Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:32:48Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:32:48Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:32:48Z 15[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"down","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.80.122.0/24","reason":"0"}'': success 0
    2022-05-26 03:32:49Z 13[IKE] <HO_IPSEC-1|2516> sending DPD request
    2022-05-26 03:32:49Z 13[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL request 65 [ ]
    2022-05-26 03:32:49Z 13[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:49Z 24[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:49Z 24[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL response 65 [ ]
    2022-05-26 03:32:58Z 14[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:32:58Z 14[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 77 [ ]
    2022-05-26 03:32:58Z 14[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:58Z 28[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:58Z 28[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 77 [ ]
    2022-05-26 03:32:58Z 11[IKE] <HO_IPSEC-1|2515> sending DPD request
    2022-05-26 03:32:58Z 11[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL request 149 [ ]
    2022-05-26 03:32:58Z 11[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:32:58Z 25[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:32:58Z 25[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL response 149 [ ]
    2022-05-26 03:33:19Z 12[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:19Z 12[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 73 [ ]
    2022-05-26 03:33:19Z 12[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 73 [ ]
    2022-05-26 03:33:19Z 12[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:28Z 20[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:33:28Z 20[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 78 [ ]
    2022-05-26 03:33:28Z 20[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:28Z 17[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:28Z 17[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 104 [ ]
    2022-05-26 03:33:28Z 17[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 104 [ ]
    2022-05-26 03:33:28Z 17[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:28Z 27[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:28Z 27[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 78 [ ]
    2022-05-26 03:33:28Z 05[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:28Z 05[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 67 [ ]
    2022-05-26 03:33:28Z 05[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 67 [ ]
    2022-05-26 03:33:28Z 05[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:46Z 26[MGR] <TSG_IPSEC-1|2519> Initiating CHILD_SA with configuration TSG_IPSEC-1
    2022-05-26 03:33:46Z 26[IKE] <TSG_IPSEC-1|2519> initiating IKE_SA TSG_IPSEC-1[2519] to ((TSG-DC_FW_Public IP))
    2022-05-26 03:33:46Z 26[ENC] <TSG_IPSEC-1|2519> generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(REDIR_SUP) ]
    2022-05-26 03:33:46Z 26[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (718 bytes)
    2022-05-26 03:33:46Z 26[MGR] <TSG_IPSEC-1|2519> Initiating CHILD_SA with configuration TSG_IPSEC-2
    2022-05-26 03:33:46Z 26[MGR] <TSG_IPSEC-1|2519> Initiating CHILD_SA with configuration TSG_IPSEC-3
    2022-05-26 03:33:46Z 16[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (274 bytes)
    2022-05-26 03:33:46Z 16[ENC] <TSG_IPSEC-1|2519> parsed IKE_SA_INIT response 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) N(FRAG_SUP) N(HASH_ALG) N(MULT_AUTH) ]
    2022-05-26 03:33:46Z 16[IKE] <TSG_IPSEC-1|2519> authentication of '((Mandoon Public IP))' (myself) with pre-shared key
    2022-05-26 03:33:46Z 16[IKE] <TSG_IPSEC-1|2519> establishing CHILD_SA TSG_IPSEC-1
    2022-05-26 03:33:46Z 16[ENC] <TSG_IPSEC-1|2519> generating IKE_AUTH request 1 [ IDi IDr AUTH N(IPCOMP_SUP) SA TSi TSr N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ]
    2022-05-26 03:33:46Z 16[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (352 bytes)
    2022-05-26 03:33:46Z 08[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (224 bytes)
    2022-05-26 03:33:46Z 08[ENC] <TSG_IPSEC-1|2519> parsed IKE_AUTH response 1 [ IDr AUTH N(IPCOMP_SUP) SA TSi TSr ]
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> authentication of '((TSG-DC_FW_Public IP))' with pre-shared key successful
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> IKE_SA TSG_IPSEC-1[2519] established between ((Mandoon Public IP))[((Mandoon Public IP))]...((TSG-DC_FW_Public IP))[((TSG-DC_FW_Public IP))]
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> scheduling rekeying in 86312s
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> maximum IKE_SA lifetime 86372s
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> CHILD_SA TSG_IPSEC-1{7405} established with SPIs c413c328_i cb9b52d8_o and TS 192.168.100.0/24 === 10.255.255.0/24
    2022-05-26 03:33:46Z 08[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (192.168.100.0/24#10.255.255.0/24)
    2022-05-26 03:33:46Z 08[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 0 to 1 ++ up ++ (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:33:46Z 08[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2519 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:33:46Z 08[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-client
    2022-05-26 03:33:46Z 08[IKE] <TSG_IPSEC-1|2519> establishing CHILD_SA TSG_IPSEC-2
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec remote updown ++ up ++
    2022-05-26 03:33:46Z 08[ENC] <TSG_IPSEC-1|2519> generating CREATE_CHILD_SA request 2 [ N(IPCOMP_SUP) SA No KE TSi TSr ]
    2022-05-26 03:33:46Z 08[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (384 bytes)
    2022-05-26 03:33:46Z 12[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (288 bytes)
    2022-05-26 03:33:46Z 12[ENC] <TSG_IPSEC-1|2519> parsed CREATE_CHILD_SA response 2 [ N(IPCOMP_SUP) SA No KE TSi TSr ]
    2022-05-26 03:33:46Z 12[IKE] <TSG_IPSEC-1|2519> CHILD_SA TSG_IPSEC-2{7406} established with SPIs c6bedd12_i c15eb7f5_o and TS 192.168.100.0/24 === 10.80.122.0/24
    2022-05-26 03:33:46Z 12[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (192.168.100.0/24#10.80.122.0/24)
    2022-05-26 03:33:46Z 12[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 1 to 2 ++ up ++ (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:33:46Z 12[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2519 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:33:46Z 12[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-client
    2022-05-26 03:33:46Z 12[IKE] <TSG_IPSEC-1|2519> establishing CHILD_SA TSG_IPSEC-3
    2022-05-26 03:33:46Z 12[ENC] <TSG_IPSEC-1|2519> generating CREATE_CHILD_SA request 3 [ N(IPCOMP_SUP) SA No KE TSi TSr ]
    2022-05-26 03:33:46Z 12[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (384 bytes)
    2022-05-26 03:33:46Z 10[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (288 bytes)
    2022-05-26 03:33:46Z 10[ENC] <TSG_IPSEC-1|2519> parsed CREATE_CHILD_SA response 3 [ N(IPCOMP_SUP) SA No KE TSi TSr ]
    2022-05-26 03:33:46Z 10[IKE] <TSG_IPSEC-1|2519> CHILD_SA TSG_IPSEC-3{7407} established with SPIs c282f840_i cd54e16c_o and TS 192.168.100.0/24 === 10.80.120.0/24
    2022-05-26 03:33:46Z 10[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting) ref_count: 0 to 1 ++ up ++ (192.168.100.0/24#10.80.120.0/24)
    2022-05-26 03:33:46Z 10[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (ref_counting_remote) ref_count_remote: 2 to 3 ++ up ++ (((Mandoon Public IP))#((TSG-DC_FW_Public IP)))
    2022-05-26 03:33:46Z 10[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) UID: 2519 Net: Local ((Mandoon Public IP)) Remote ((TSG-DC_FW_Public IP)) Connection: TSG_IPSEC Fullname: TSG_IPSEC-1
    2022-05-26 03:33:46Z 10[APP] <TSG_IPSEC-1|2519> [COP-UPDOWN] (cop_updown_invoke_once) Tunnel: User '' Peer-IP '' my-IP '' up-client
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_gateway_chains -t json -s nosync -b '{"local_server":"((Mandoon Public IP))","remote_server":"((TSG-DC_FW_Public IP))","action":"enable","family":"0","conntype":"ntn","compress":"1"}'': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown ++ up ++
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:33:46Z 31[APP]  
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:33:46Z 31[APP]
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 10.255.255.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN] (add_routes) no routes to add for TSG_IPSEC on interface ipsec0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.255.255.0/24","connop":"1","iface":"Port3","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:33:46Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"up","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.255.255.0/24","reason":"0"}'': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) !!SKIP!! IPsec IKE for remotes (((Mandoon Public IP)) to ((TSG-DC_FW_Public IP))) already set up
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown ++ up ++
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:33:47Z 31[APP]  
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:33:47Z 31[APP]
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 10.80.122.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (add_routes) no routes to add for TSG_IPSEC on interface ipsec0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.80.122.0/24","connop":"1","iface":"Port3","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"up","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.80.122.0/24","reason":"0"}'': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][DB] (db_conn_info) hostname: 'TSG_IPSEC' result --> id: '1', mode: 'ntn', tunnel_type: '0', subnet_family:'0'
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) !!SKIP!! IPsec IKE for remotes (((Mandoon Public IP)) to ((TSG-DC_FW_Public IP))) already set up
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) ---- exec subnet updown ++ up ++
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [NTN] NTN get actual...
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][DB] (db_query) No data retrieved from query: 'SELECT ( nath.netid          || '/'          || nath.netmask ) AS natedlan FROM   tblvpnconnhostrel AS rel        JOIN tblhost AS h          ON h.hostid = rel.hostid        JOIN tblhost AS nath          ON rel .natedhost = nath.hostid WHERE  rel.connectionid = $1        AND rel.hostlocation = 'L'        AND h.netid = $2        AND h.netmask = $3 LIMIT  1;' status: 2 rows: 0
    2022-05-26 03:33:47Z 31[APP]  
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [IPSEC0] using ipsec dummy interface 'ipsec0'
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][NET] (get_src_ip) source address for 192.168.100.0 is IP: 192.168.100.254
    2022-05-26 03:33:47Z 31[APP]
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route add 10.80.120.0/24 dev ipsec0 src 192.168.100.254 table 220': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN] (add_routes) no routes to add for TSG_IPSEC on interface ipsec0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:47Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'ip route flush cache': success 0
    2022-05-26 03:33:48Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/service fwm:vpn_connection_chains -t json -s nosync -b '{"me":"((Mandoon Public IP))","peer":"((TSG-DC_FW_Public IP))","mynet":"192.168.100.0/24","peernet":"10.80.120.0/24","connop":"1","iface":"Port3","myproto":"0","myport":"0","peerproto":"0","peerport":"0","conntype":"ntn","actnet":"","compress":"1","conn_id":"1"}'': success 0
    2022-05-26 03:33:48Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=2': success 0
    2022-05-26 03:33:48Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --not-protonum=6 --inzone-outzone=5': success 0
    2022-05-26 03:33:48Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) 'conntrack -D --protonum=50': success 0
    2022-05-26 03:33:48Z 31[APP] [COP-UPDOWN][SHELL] (run_shell) '/bin/opcode set_timer_mail_updown -s nosync -t json -b '{"event":"up","conn":"TSG_IPSEC","local_net":"192.168.100.0/24","remote_net":"10.80.120.0/24","reason":"0"}'': success 0
    2022-05-26 03:33:49Z 19[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:49Z 19[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 74 [ ]
    2022-05-26 03:33:49Z 19[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 74 [ ]
    2022-05-26 03:33:49Z 19[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:58Z 28[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:33:58Z 28[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 79 [ ]
    2022-05-26 03:33:58Z 28[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:58Z 11[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:58Z 11[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 105 [ ]
    2022-05-26 03:33:58Z 11[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 105 [ ]
    2022-05-26 03:33:58Z 11[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:33:58Z 25[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:58Z 25[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 79 [ ]
    2022-05-26 03:33:58Z 20[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:33:58Z 20[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 68 [ ]
    2022-05-26 03:33:58Z 20[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 68 [ ]
    2022-05-26 03:33:58Z 20[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:16Z 19[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:34:16Z 19[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 0 [ ]
    2022-05-26 03:34:16Z 19[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 0 [ ]
    2022-05-26 03:34:16Z 19[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:34:19Z 07[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:19Z 07[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 75 [ ]
    2022-05-26 03:34:19Z 07[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 75 [ ]
    2022-05-26 03:34:19Z 07[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:28Z 18[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:34:28Z 18[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 80 [ ]
    2022-05-26 03:34:28Z 18[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:28Z 05[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:28Z 05[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 106 [ ]
    2022-05-26 03:34:28Z 05[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 106 [ ]
    2022-05-26 03:34:28Z 05[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:28Z 21[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:28Z 21[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 80 [ ]
    2022-05-26 03:34:28Z 23[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:28Z 23[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 69 [ ]
    2022-05-26 03:34:28Z 23[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 69 [ ]
    2022-05-26 03:34:28Z 23[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:46Z 10[IKE] <TSG_IPSEC-1|2519> sending DPD request
    2022-05-26 03:34:46Z 10[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL request 4 [ ]
    2022-05-26 03:34:46Z 10[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:34:46Z 12[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:34:46Z 12[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL response 4 [ ]
    2022-05-26 03:34:49Z 22[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:49Z 22[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 76 [ ]
    2022-05-26 03:34:49Z 22[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 76 [ ]
    2022-05-26 03:34:49Z 22[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:58Z 07[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:34:58Z 07[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 81 [ ]
    2022-05-26 03:34:58Z 07[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:58Z 10[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:58Z 10[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 107 [ ]
    2022-05-26 03:34:58Z 10[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 107 [ ]
    2022-05-26 03:34:58Z 10[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:34:58Z 30[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:58Z 30[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 81 [ ]
    2022-05-26 03:34:58Z 14[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:34:58Z 14[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 70 [ ]
    2022-05-26 03:34:58Z 14[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 70 [ ]
    2022-05-26 03:34:58Z 14[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:16Z 16[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:35:16Z 16[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 1 [ ]
    2022-05-26 03:35:16Z 16[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 1 [ ]
    2022-05-26 03:35:16Z 16[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:35:19Z 29[IKE] <HO_IPSEC-1|2516> sending DPD request
    2022-05-26 03:35:19Z 29[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL request 66 [ ]
    2022-05-26 03:35:19Z 29[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:19Z 25[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:19Z 25[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL response 66 [ ]
    2022-05-26 03:35:28Z 24[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:35:28Z 24[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 82 [ ]
    2022-05-26 03:35:28Z 24[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:28Z 16[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:28Z 16[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 82 [ ]
    2022-05-26 03:35:28Z 26[IKE] <HO_IPSEC-1|2515> sending DPD request
    2022-05-26 03:35:28Z 26[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL request 150 [ ]
    2022-05-26 03:35:28Z 26[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:28Z 09[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:28Z 09[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL response 150 [ ]
    2022-05-26 03:35:46Z 06[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:35:46Z 06[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 2 [ ]
    2022-05-26 03:35:46Z 06[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 2 [ ]
    2022-05-26 03:35:46Z 06[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:35:49Z 14[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:49Z 14[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 77 [ ]
    2022-05-26 03:35:49Z 14[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 77 [ ]
    2022-05-26 03:35:49Z 14[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:58Z 28[IKE] <HO_IPSEC-1|2514> sending DPD request
    2022-05-26 03:35:58Z 28[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL request 83 [ ]
    2022-05-26 03:35:58Z 28[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:58Z 20[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:58Z 20[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 108 [ ]
    2022-05-26 03:35:58Z 20[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 108 [ ]
    2022-05-26 03:35:58Z 20[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:35:58Z 22[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:58Z 22[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL response 83 [ ]
    2022-05-26 03:35:58Z 18[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:35:58Z 18[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 71 [ ]
    2022-05-26 03:35:58Z 18[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 71 [ ]
    2022-05-26 03:35:58Z 18[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:11Z 15[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (1252 bytes)
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> parsed CREATE_CHILD_SA request 109 [ EF(1/2) ]
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> received fragment #1 of 2, waiting for complete IKE message
    2022-05-26 03:36:11Z 15[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (404 bytes)
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> parsed CREATE_CHILD_SA request 109 [ EF(2/2) ]
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> received fragment #2 of 2, reassembling fragmented IKE message
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> parsed CREATE_CHILD_SA request 109 [ SA No KE ]
    2022-05-26 03:36:11Z 15[IKE] <HO_IPSEC-1|2514> A.B.C.D is initiating an IKE_SA
    2022-05-26 03:36:11Z 15[IKE] <HO_IPSEC-1|2514> scheduling rekeying in 4967s
    2022-05-26 03:36:11Z 15[IKE] <HO_IPSEC-1|2514> maximum IKE_SA lifetime 5327s
    2022-05-26 03:36:11Z 15[IKE] <HO_IPSEC-1|2514> IKE_SA HO_IPSEC-1[2520] rekeyed between ((Mandoon Public IP))[((Mandoon Public IP))]...A.B.C.D[A.B.C.D]
    2022-05-26 03:36:11Z 15[IKE] <HO_IPSEC-1|2514> HO_IPSEC-1[2514] giving up all children to HO_IPSEC-1[2520]
    2022-05-26 03:36:11Z 15[ENC] <HO_IPSEC-1|2514> generating CREATE_CHILD_SA response 109 [ SA No KE ]
    2022-05-26 03:36:11Z 15[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (224 bytes)
    2022-05-26 03:36:11Z 08[NET] <HO_IPSEC-1|2514> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:11Z 08[ENC] <HO_IPSEC-1|2514> parsed INFORMATIONAL request 110 [ D ]
    2022-05-26 03:36:11Z 08[IKE] <HO_IPSEC-1|2514> received DELETE for IKE_SA HO_IPSEC-1[2514]
    2022-05-26 03:36:11Z 08[IKE] <HO_IPSEC-1|2514> deleting IKE_SA HO_IPSEC-1[2514] between ((Mandoon Public IP))[((Mandoon Public IP))]...A.B.C.D[A.B.C.D]
    2022-05-26 03:36:11Z 08[IKE] <HO_IPSEC-1|2514> IKE_SA deleted
    2022-05-26 03:36:11Z 08[ENC] <HO_IPSEC-1|2514> generating INFORMATIONAL response 110 [ ]
    2022-05-26 03:36:11Z 08[NET] <HO_IPSEC-1|2514> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:12Z 30[NET] <HO_IPSEC-1|2520> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (1184 bytes)
    2022-05-26 03:36:12Z 30[ENC] <HO_IPSEC-1|2520> parsed CREATE_CHILD_SA request 0 [ N(REKEY_SA) SA No KE TSi TSr ]
    2022-05-26 03:36:12Z 30[IKE] <HO_IPSEC-1|2520> inbound CHILD_SA HO_IPSEC-1{7408} established with SPIs cab442e8_i c9b8ff1f_o and TS 192.168.100.0/24 === 172.16.0.0/22
    2022-05-26 03:36:12Z 30[ENC] <HO_IPSEC-1|2520> generating CREATE_CHILD_SA response 0 [ SA No KE TSi TSr ]
    2022-05-26 03:36:12Z 30[NET] <HO_IPSEC-1|2520> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (272 bytes)
    2022-05-26 03:36:12Z 25[NET] <HO_IPSEC-1|2520> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:12Z 25[ENC] <HO_IPSEC-1|2520> parsed INFORMATIONAL request 1 [ D ]
    2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> received DELETE for ESP CHILD_SA with SPI cd763a3c
    2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> closing CHILD_SA HO_IPSEC-1{7402} with SPIs c8c2beb7_i (35195 bytes) cd763a3c_o (24406 bytes) and TS 192.168.100.0/24 === 172.16.0.0/22
    2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> sending DELETE for ESP CHILD_SA with SPI c8c2beb7
    2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> CHILD_SA closed
    2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> outbound CHILD_SA HO_IPSEC-1{7408} established with SPIs cab442e8_i c9b8ff1f_o and TS 192.168.100.0/24 === 172.16.0.0/22
    2022-05-26 03:36:12Z 25[ENC] <HO_IPSEC-1|2520> generating INFORMATIONAL response 1 [ D ]
    2022-05-26 03:36:12Z 25[NET] <HO_IPSEC-1|2520> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:16Z 27[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:36:16Z 27[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 3 [ ]
    2022-05-26 03:36:16Z 27[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 3 [ ]
    2022-05-26 03:36:16Z 27[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:36:19Z 14[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:19Z 14[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 78 [ ]
    2022-05-26 03:36:19Z 14[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 78 [ ]
    2022-05-26 03:36:19Z 14[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:28Z 06[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:28Z 06[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL request 72 [ ]
    2022-05-26 03:36:28Z 06[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL response 72 [ ]
    2022-05-26 03:36:28Z 06[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:42Z 17[IKE] <HO_IPSEC-1|2520> sending DPD request
    2022-05-26 03:36:42Z 17[ENC] <HO_IPSEC-1|2520> generating INFORMATIONAL request 0 [ ]
    2022-05-26 03:36:42Z 17[NET] <HO_IPSEC-1|2520> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:42Z 15[NET] <HO_IPSEC-1|2520> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:42Z 15[ENC] <HO_IPSEC-1|2520> parsed INFORMATIONAL request 2 [ ]
    2022-05-26 03:36:42Z 15[ENC] <HO_IPSEC-1|2520> generating INFORMATIONAL response 2 [ ]
    2022-05-26 03:36:42Z 15[NET] <HO_IPSEC-1|2520> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:42Z 29[NET] <HO_IPSEC-1|2520> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:42Z 29[ENC] <HO_IPSEC-1|2520> parsed INFORMATIONAL response 0 [ ]
    2022-05-26 03:36:46Z 11[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:36:46Z 11[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 4 [ ]
    2022-05-26 03:36:46Z 11[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 4 [ ]
    2022-05-26 03:36:46Z 11[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)
    2022-05-26 03:36:49Z 06[NET] <HO_IPSEC-1|2516> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:49Z 06[ENC] <HO_IPSEC-1|2516> parsed INFORMATIONAL request 79 [ ]
    2022-05-26 03:36:49Z 06[ENC] <HO_IPSEC-1|2516> generating INFORMATIONAL response 79 [ ]
    2022-05-26 03:36:49Z 06[NET] <HO_IPSEC-1|2516> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:58Z 12[IKE] <HO_IPSEC-1|2515> sending DPD request
    2022-05-26 03:36:58Z 12[ENC] <HO_IPSEC-1|2515> generating INFORMATIONAL request 151 [ ]
    2022-05-26 03:36:58Z 12[NET] <HO_IPSEC-1|2515> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:36:58Z 25[NET] <HO_IPSEC-1|2515> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:36:58Z 25[ENC] <HO_IPSEC-1|2515> parsed INFORMATIONAL response 151 [ ]
    2022-05-26 03:37:12Z 32[IKE] <HO_IPSEC-1|2520> sending DPD request
    2022-05-26 03:37:12Z 32[ENC] <HO_IPSEC-1|2520> generating INFORMATIONAL request 1 [ ]
    2022-05-26 03:37:12Z 32[NET] <HO_IPSEC-1|2520> sending packet: from ((Mandoon Public IP))[500] to A.B.C.D[500] (96 bytes)
    2022-05-26 03:37:12Z 16[NET] <HO_IPSEC-1|2520> received packet: from A.B.C.D[500] to ((Mandoon Public IP))[500] (96 bytes)
    2022-05-26 03:37:12Z 16[ENC] <HO_IPSEC-1|2520> parsed INFORMATIONAL response 1 [ ]
    2022-05-26 03:37:16Z 29[NET] <TSG_IPSEC-1|2519> received packet: from ((TSG-DC_FW_Public IP))[500] to ((Mandoon Public IP))[500] (80 bytes)
    2022-05-26 03:37:16Z 29[ENC] <TSG_IPSEC-1|2519> parsed INFORMATIONAL request 5 [ ]
    2022-05-26 03:37:16Z 29[ENC] <TSG_IPSEC-1|2519> generating INFORMATIONAL response 5 [ ]
    2022-05-26 03:37:16Z 29[NET] <TSG_IPSEC-1|2519> sending packet: from ((Mandoon Public IP))[500] to ((TSG-DC_FW_Public IP))[500] (80 bytes)

  • Based on this, it looks like on the current site you received a DELETE for ESP CHILD_SA with SPI cd763a3c from the remote FW.
    So, can you check the tcpdump/pcap file from both the local and remote FWs to see why you are receiving a delete from the remote site?
    Create and download a packet capture : https://support.sophos.com/support/s/article/KB-000037007?language=en_US

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 



  • Hi

    I'm back.

    Here is the latest scenario.

    Both Are Sophos SFOS 18.5.3 MR-3-Build408

    FW-A(DC) ----------------(ISP)----------------FW-B(Branch)

    |                                               |

    10.255.255.1                   192.168.100.0/24

    |

    L3 link

    |

    10.255.255.254

    --------------------

    LAN: 10.80.120.0/24

    LAB: 10.80.122.0/24

    Current Status:

    a. Both firewalls' IPsec VPN configs are identical

    b. Only one policy is configured (Any, Any, All Subnets > Allow)

             b. FW-A has policy ID: 20

             c. FW-B has policy ID: 2

    To test the Tunnel Activity this is What I Did:

    From FW-A(DC): console> ping sourceip 10.255.255.1 192.168.100.254 (FW-B LAN GW)
    From FW-B(Branch) console> ping sourceip 192.168.100.254 10.80.122.1 (FW-A LAN's GW)

    IPsec VPN works fine for 20 mins. After 20-25 mins the ping stops. I can't see in the PuTTY logs that pings are working, but the IPsec tunnel is up.

    The fun part is that the Log Viewer in the FW shows the traffic is working fine. One thing to mention here: I may not see my desired logs in the log viewer for FW_B, but it shows traffic is going through the VPN rule.

    Logs From FW-A

    Logs From FW_B

    I'm kind of lost now. Tried all sorts of things. I guess the strongSwan logs show tunnel establishment or failures only. I have checked the logs for 30 mins. Phase 1 and Phase 2 go up as I manually establish the tunnel, but the tunnel doesn't go down. I don't know what more to check from that log.

    Regards

    ARIQ
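One way to triage the `received DELETE for ESP CHILD_SA` lines in a strongswan.log like the excerpt above, as an added example that is not part of any post in this thread and is not Sophos code: it pairs each received DELETE with its `closing CHILD_SA` line and checks whether a replacement CHILD_SA with the same traffic selectors was established on the same connection close in time, which separates rekey deletes from deletes with no replacement. The 10-second window is an assumption, and the two `TSG_IPSEC-1` lines in the sample (SPIs `c1a2b3c4`/`c5d6e7f8`, CHILD_SA id 7410) are constructed to show the unmatched case; the `HO_IPSEC-1` lines follow the excerpt.

```python
import re
from datetime import datetime, timedelta

# Sample input: HO_IPSEC-1 lines follow the excerpt in this thread;
# the TSG_IPSEC-1 lines are constructed for illustration.
SAMPLE_LOG = r"""
2022-05-26 03:36:12Z 30[IKE] <HO_IPSEC-1|2520> inbound CHILD_SA HO_IPSEC-1{7408} established with SPIs cab442e8_i c9b8ff1f_o and TS 192.168.100.0/24 === 172.16.0.0/22
2022-05-26 03:36:12Z 25[ENC] <HO_IPSEC-1|2520> parsed INFORMATIONAL request 1 [ D ]
2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> received DELETE for ESP CHILD_SA with SPI cd763a3c
2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> closing CHILD_SA HO_IPSEC-1{7402} with SPIs c8c2beb7_i (35195 bytes) cd763a3c_o (24406 bytes) and TS 192.168.100.0/24 === 172.16.0.0/22
2022-05-26 03:36:12Z 25[IKE] <HO_IPSEC-1|2520> outbound CHILD_SA HO_IPSEC-1{7408} established with SPIs cab442e8_i c9b8ff1f_o and TS 192.168.100.0/24 === 172.16.0.0/22
2022-05-26 03:55:02Z 14[IKE] <TSG_IPSEC-1|2519> received DELETE for ESP CHILD_SA with SPI c1a2b3c4
2022-05-26 03:55:02Z 14[IKE] <TSG_IPSEC-1|2519> closing CHILD_SA TSG_IPSEC-1{7410} with SPIs c5d6e7f8_i (1200 bytes) c1a2b3c4_o (900 bytes) and TS 192.168.100.0/24 === 10.80.122.0/24
"""

# "<timestamp>Z <thread>[IKE] <connection|ike_sa_id> message"
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)Z \d+\[IKE\] <([^|>]+)\|(\d+)> (.*)$")
ESTABLISHED = re.compile(
    r"^(?:inbound|outbound) CHILD_SA \S+\{(\d+)\} established with SPIs "
    r"(\w+)_i (\w+)_o and TS (.+)$")
DELETE = re.compile(r"^received DELETE for ESP CHILD_SA with SPI (\w+)$")
CLOSING = re.compile(
    r"^closing CHILD_SA \S+\{(\d+)\} with SPIs (\w+)_i \(\d+ bytes\) "
    r"(\w+)_o \(\d+ bytes\) and TS (.+)$")


def classify_deletes(log_text, window=timedelta(seconds=10)):
    """Return one verdict per received DELETE: rekey, unmatched or no-closing-line."""
    established = []  # (time, connection, child_sa_id, traffic_selectors)
    closings = []     # (time, connection, child_sa_id, {spi_in, spi_out}, ts)
    deletes = []      # (time, connection, spi)

    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # non-IKE lines (ENC, NET, APP) carry no SA lifecycle events
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        conn, msg = m.group(2), m.group(4)
        if (e := ESTABLISHED.match(msg)):
            established.append((when, conn, e.group(1), e.group(4)))
        elif (d := DELETE.match(msg)):
            deletes.append((when, conn, d.group(1)))
        elif (c := CLOSING.match(msg)):
            closings.append((when, conn, c.group(1),
                             {c.group(2), c.group(3)}, c.group(4)))

    results = []
    for when, conn, spi in deletes:
        verdict = {"time": when.isoformat(), "conn": conn, "spi": spi,
                   "replaced_by": None}
        # The closing line names the CHILD_SA that owns the deleted SPI.
        closed = next((c for c in closings
                       if c[1] == conn and spi in c[3]), None)
        if closed is None:
            verdict["verdict"] = "no-closing-line"
            results.append(verdict)
            continue
        old_id, ts = closed[2], closed[4]
        # A rekey leaves a different CHILD_SA with the same traffic selectors
        # established on the same connection within the window.
        replacement = next((e for e in established
                            if e[1] == conn and e[3] == ts and e[2] != old_id
                            and abs(e[0] - when) <= window), None)
        if replacement:
            verdict["verdict"] = "rekey"
            verdict["replaced_by"] = replacement[2]
        else:
            verdict["verdict"] = "unmatched"
        results.append(verdict)
    return results


if __name__ == "__main__":
    for r in classify_deletes(SAMPLE_LOG):
        print(r["time"], r["conn"], r["spi"], r["verdict"], r["replaced_by"])
```

An `unmatched` verdict marks the point in time to line up with a packet capture taken on both firewalls.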
