I have a VPN tunnel to a NetScreen NS5-GT; the tunnel itself runs without problems.
The SOPHOS UTM runs on a leased line without forced disconnection; the NetScreen has a standard VDSL connection with a static IP address, but with forced disconnection.
The problem is that after the forced disconnection on the NetScreen side, the VPN tunnel is no longer re-established automatically.
Unfortunately, I cannot identify where the problem lies.
NAT-T and DPD are active on both the SOPHOS side and the NetScreen side.
The SOPHOS UTM 220 writes the following to the log file for this period:
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: No response from peer - declaring peer dead
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: Restarting all connections of peer
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: Terminating all SAs using this connection
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1319: deleting state (STATE_QUICK_I2)
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpn1" address="" local_net="" remote_net=""
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: deleting state (STATE_MAIN_I4)
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: DPD: Restarting connection "S_REF_IpsSitVpn1_0"
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: initiating Main Mode
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: starting keying attempt 2 of an unlimited number
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: initiating Main Mode to replace #1323
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: starting keying attempt 3 of an unlimited number
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1327: initiating Main Mode to replace #1325
The NetScreen NS5-GT reports the following messages for this period:
2013-09-18 04:28:02 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:27:49 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:27:26 system info 00536 IKE DPD found peer at not responding.
2013-09-18 04:27:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:27:01 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:26:29 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:26:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:25:41 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:25:10 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:25:09 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:25:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:24:23 system info 00536 IKE DPD found peer at not responding.
2013-09-18 04:24:22 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022ba1e8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022bab30) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b98a0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b9d44) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b60f0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424d958) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424e2a0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424ebe8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424f530) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424fe78) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:042507c0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04251108) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04251a50) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04252398) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04252ce0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04253628) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04253f70) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:042548b8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04255200) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022da7ac) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022db0f4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dba3c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dc384) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dcccc) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dd614) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b5c4c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022de400) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022ded48) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022df690) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dffd8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e0920) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e1268) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e1bb0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ed51c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ede64) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ee7ac) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ef0f4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025efa3c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f0384) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f0ccc) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f1614) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f1f5c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f28a4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f31ec) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f3b34) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f447c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b816c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b8f58) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:24:20 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:20 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:24:19 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:18 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:17 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:16 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:15 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:14 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:13 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:12 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:11 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:10 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:09 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:08 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:07 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:06 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:05 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:04 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:03 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:24:02 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:01 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:00 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:59 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:59 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:23:58 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:57 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:56 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:55 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:54 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:53 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:52 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:51 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:50 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:49 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:48 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:47 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:46 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:45 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:44 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:43 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:42 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:41 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:40 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:39 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:38 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:37 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:36 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:35 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:34 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:33 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:32 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:10 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
Does anyone have an idea where I need to look or what the problem is?
Thank you very much.
- pro_mrjetter -