i have a problem with a Site-to-Site IPSec tunnel between an UTM220 and a Netscreen/Juniper NS-5GT.
When the tunnel ist established, it runs for 24 hours, then PPPoE connection on the Juniper/Netscreen side is disconnected by the ISP and reconnected immediately.
but the IPSec tunnel doesn't come up automatically again. To establish the tunnel again I have to deactivate it on the UTM220 in Site-to-Site IPSec section,
wait for 10 minutes and turn it on again, then the tunnel is established immediately.
NAT-T and DPD is enabled on both sides and the UTM220 is running on version 9.105-9.
Here is a part of the UTM220 log-file:
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: No response from peer - declaring peer dead
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: Restarting all connections of peer
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: DPD: Terminating all SAs using this connection
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1319: deleting state (STATE_QUICK_I2)
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpn1" address="" local_net="" remote_net=""
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1297: deleting state (STATE_MAIN_I4)
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: DPD: Restarting connection "S_REF_IpsSitVpn1_0"
2013:09:18-04:23:11 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: initiating Main Mode
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1323: starting keying attempt 2 of an unlimited number
2013:09:18-04:36:21 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: initiating Main Mode to replace #1323
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: max number of retransmissions (20) reached STATE_MAIN_I1. No response (or no acceptable response) to our first IKE message
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1325: starting keying attempt 3 of an unlimited number
2013:09:18-04:49:32 SOPHOS-UTM220 pluto[6772]: "S_REF_IpsSitVpn1_0" #1327: initiating Main Mode to replace #1325
Here are a part of the Juniper/Netscreen log-file:
2013-09-18 04:28:02 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:27:49 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:27:26 system info 00536 IKE DPD found peer at not responding.
2013-09-18 04:27:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:27:01 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:26:29 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:26:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:25:41 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:25:10 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:25:09 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:25:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:24:23 system info 00536 IKE DPD found peer at not responding.
2013-09-18 04:24:22 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022ba1e8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022bab30) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b98a0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b9d44) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b60f0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424d958) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424e2a0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424ebe8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424f530) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:0424fe78) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:042507c0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04251108) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04251a50) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04252398) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04252ce0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04253628) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04253f70) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:042548b8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:04255200) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022da7ac) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022db0f4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dba3c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dc384) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dcccc) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dd614) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b5c4c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022de400) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022ded48) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022df690) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022dffd8) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e0920) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e1268) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022e1bb0) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ed51c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ede64) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ee7ac) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025ef0f4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025efa3c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f0384) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f0ccc) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f1614) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f1f5c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f28a4) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f31ec) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f3b34) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:025f447c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b816c) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE : Phase 1 SA (my cookie:022b8f58) was removed due to a simultaneous rekey.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:21 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:24:20 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:20 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:24:19 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:18 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:17 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:16 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:15 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:14 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:13 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:12 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:11 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:10 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:09 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:08 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:07 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:06 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:05 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:04 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:03 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:02 system info 00536 IKE : Added Phase 2 session tasks to the task list.
2013-09-18 04:24:02 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:01 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:24:00 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:59 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:59 system info 00536 IKE Phase 1: Retransmission limit has been reached.
2013-09-18 04:23:58 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:57 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:56 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:55 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:54 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:53 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:52 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:51 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:50 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:49 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:48 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:47 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:46 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:45 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:44 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:43 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:42 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:41 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:40 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:39 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:38 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:37 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:36 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:35 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:34 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:33 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:32 system info 00536 IKE Phase 1: Initiated negotiations in main mode.
2013-09-18 04:23:10 system info 00536 IKE Phase 1: Responder starts MAIN mode negotiations.
Has anyone an idea what the problem could be?
Thanks for your efforts.
- pro_mrjetter -
This thread was automatically locked due to age.
