Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1328 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG 7.507 - Site to Site IP Sec - restart

Rumak18
Hello fellows,

i wanted to opst the question, if there is a possiblity to restart (Press "off" to turn the connection to "red" and press "on" to turn the connection to green) a specific IPSec Site-to-Site connection automatically. The issue about this is, that i have a connection with another location, which keeps alive only for estimated 20 hours. If i reset the connection, then the connectivity is working again. But this just shouldn't solve this problem.


This thread was automatically locked due to age.
Parents
  • 0
    Rumak, please post the lines from the IPsec logfile documenting the interrupted connection.
    Also, do you see anything in the Intrusion Prevention log when the connection fails?  And, are you saying that you have other tunnels that stay up; this one is the only one with problems?

    Hopefully, one of the linux gurus will drop by with the correct way to use the ipsec command and how to discover the connection name.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hello,
    here are the messages that appears again and again until i restart the ipsec connection (I changed the ip and name):
    2010:10:26-15:46:25 firewall1-1 net1[4340]: packet from 117.65.36.32:1006: unsupported exchange type ISAKMP_XCHG_AGGR in message
    2010:10:26-15:46:25 firewall1-1 net1[4340]: packet from 117.65.36.32:1006: sending notification UNSUPPORTED_EXCHANGE_TYPE to 117.65.36.32:1006

    Answering your other questions:
    1. No, there are no special entries in the Intrusion Prevention log
    2. Yes, i have several ipsec connections and this one is the only site-to-site connection that makes problems.
  • 0 in reply to Rumak18
    You need to configure the IPsec peer gateway to use Main Mode instead of Aggressive Mode, which is not supported by the ASG.
Reply Children