Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 979 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-site VPN not working since 5.100 update

lejzer
Hi

I'm using 2 ASL boxes for site-to site vpn. One box with ASL 4.025 and the other one with 5.100

Since the 5.100 update the vpn stoppped working, and i can't see what's wrong. No configuration is changed.

Here's a sample of the livelog from the 4.x machine:

2004-Dec  7 11:10:16 (none) pluto[14001]: "*name_removed*" #2730: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS to replace #2726 
2004-Dec  7 11:10:16 (none) pluto[14001]: "*name_removed*" #2730: sent QI2, IPsec SA established 
2004-Dec  7 11:26:11 (none) pluto[14001]: "*name_removed*" #2727: received Delete SA payload: deleting IPSEC State #2726 
2004-Dec  7 11:26:11 (none) pluto[14001]: "*name_removed*" #2727: received and ignored informational message 
2004-Dec  7 11:36:07 (none) pluto[14001]: "*name_removed*" #2731: Main mode peer ID is ID_IPV4_ADDR: '*ip_removed*' 
2004-Dec  7 11:36:07 (none) pluto[14001]: "*name_removed*" #2731: responding to Main Mode 
2004-Dec  7 11:36:07 (none) pluto[14001]: "*name_removed*" #2731: sent MR3, ISAKMP SA established 
2004-Dec  7 11:36:07 (none) pluto[14001]: packet from *ip_removed*: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00] 
2004-Dec  7 11:36:07 (none) pluto[14001]: packet from *ip_removed*: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] 
2004-Dec  7 11:36:07 (none) pluto[14001]: packet from *ip_removed*: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
2004-Dec  7 11:47:56 (none) pluto[14001]: "*name_removed*" #2727: received Delete SA payload: deleting ISAKMP State #2727 
2004-Dec  7 11:47:56 (none) pluto[14001]: packet from *ip_removed*: received and ignored informational message

Is there anything wrong here? 

Here's a sample from the 5.x machine:

2004:12:07-00:14:29 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: initiating Main Mode to replace #503
2004:12:07-00:14:29 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
2004:12:07-00:14:30 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
2004:12:07-00:14:30 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: Main mode peer ID is ID_IPV4_ADDR: '*ip_removed*'
2004:12:07-00:14:30 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
2004:12:07-00:14:30 (none) pluto[1470]: "*name_removed*" *ip_removed* #508: ISAKMP SA established
2004:12:07-00:23:57 (none) pluto[1470]: packet from *ip_removed*:500: Informational Exchange is for an unknown (expired?) SA

What's wrong here? 

Thanks in advance

/ Martin


This thread was automatically locked due to age.
Parents Reply Children
No Data
Cookie Information Banner