I'm experiencing an issue with a VPN between Astaro 4.010 and Checkpoint NG SP2 using NAT traversal. Quick Mode resets were going out every 5 seconds until I stopped/started the connection. Now they're going out every 70 seconds:
Aug 20 16:49:50 fw-nz pluto[21200]: "synergy_1" #238561: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 20 16:49:50 fw-nz pluto[21200]: "synergy_1" #238561: starting keying attempt 16 of an unlimited number
Aug 20 16:49:50 fw-nz pluto[21200]: "synergy_1" #238562: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #238561
Aug 20 16:51:00 fw-nz pluto[21200]: "synergy_1" #238562: max number of retransmissions (2) reached STATE_QUICK_I1
Aug 20 16:51:00 fw-nz pluto[21200]: "synergy_1" #238562: starting keying attempt 17 of an unlimited number
Aug 20 16:51:00 fw-nz pluto[21200]: "synergy_1" #238563: initiating Quick Mode PSK+ENCRYPT+TUNNEL to replace #238562
The VPN status:
000 #238563: "synergy_1" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 7s
000 #238547: "synergy_1" STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2279s; newest IPSEC; eroute owner
000 #238547: "synergy_1" esp.caa57fef@203.167.202.230 esp.a9a6b2ea@210.55.130.147 tun.1226@203.167.202.230 tun.1225@210.55.130.147
000 #238543: "synergy_1" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 5781s; newest ISAKMP
The event retransmit in the status is contstantly a small time, too.
I've got some of the log in debug mode but want to check and see what would help troubleshoot this before I arbitrarily post.
Thanks!
This thread was automatically locked due to age.