Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1676 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN Connection just loses it connection

ciphercore
Hi there,

I have a ASG-220 (latest Firmware) and have configured a VPN Tunnel (IPSec). Unfortunately this Tunnel simply stops from time to working. What I do see in the logs is: 

ISAKMP SA Established

PEER ID is ID FQDN

received Vendor ID Payload [Dead Peer Detection]

ignoring Vendor ID payload [Cisco VPN 3000 Series]

ignorinig Vendor ID payload [cc460d...........]

received Vendor ID payload [XAUTH]

ignoring Vendor ID payload [Cisco-Unity]

ignoring Vendor ID payload [FRAGMENTATION c0000000] 


As of yet, I haven't got a clue what's happening there. Has anyone an idea?

Thanks
Niels


This thread was automatically locked due to age.
  • 0
    That doesn't seem abnormal.  Please show about 20 complete lines following that.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi Bob,

    hope you meant these lines: 

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: initiating Main Mode to replace #1006

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: ignoring Vendor ID payload [FRAGMENTATION c0000000]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: ignoring Vendor ID payload [Cisco-Unity]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: received Vendor ID payload [XAUTH]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: ignoring Vendor ID payload [1954f9a5f0793bb607bbeabae46344d4]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: ignoring Vendor ID payload [Cisco VPN 3000 Series]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: received Vendor ID payload [Dead Peer Detection]

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: Peer ID is ID_FQDN: 'asahosted.hosted.local'

    2011:10:24-22:07:57 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1010: ISAKMP SA established

    2011:10:24-22:49:01 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1011: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #1009 {using isakmp#1010}

    2011:10:24-22:49:01 ASG220-HarryGraz pluto[3463]: "S_REF_IpsSitHarryssbg_0" #1011: sent QI2, IPsec SA established {ESP=>0xe0ca775b 0x77631c7d 


    Are these lines you've asked for?

    Thanks for your help
    Niels
  • 0
    It looks like the answer will be in the log from the device on the other end of the VPN.

    Cheers - Bob
  • 0 in reply to BAlfson
    Hi Bob,

    would you mind explainig me how you come to that conclusion? I just want to understand it, you know!

    Thanks so far
    Regards
    Niels
  • 0
    Well, I'm no guru on this, but I don't see any "complaints" in the log, just "received Delete SA" after "IPsec SA established" - which says to me that Quick mode succeeded and they should have been ready to exchange information.

    Cheers - Bob