This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec s2s VPN between ASG and Azure unstable

We have setup s2s IPsec VPN tunnel between Azure and ASG 425 appliance.

The Tunnel is up but keeps going down every 30 minutes. We can notice ping drops every 10 seconds.

Configuration : As per Microsoft TechNet .

2014:05:27-17:49:51 78-1 pluto[25229]: "S_Azure" #82: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:49:51 78-1 pluto[25229]: "S_Azure" #82: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:07 78-1 pluto[25229]: "S_Azure" #82: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:50:07 78-1 pluto[25229]: "S_Azure" #82: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:22 78-1 pluto[25229]: "S_Azure" #82: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:50:22 78-1 pluto[25229]: "S_Azure" #82: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:37 78-1 pluto[25229]: "S_Azure" #82: received Delete SA payload: replace IPSEC State #83 in 10 seconds
2014:05:27-17:50:37 78-1 pluto[25229]: "S_Azure" #82: received Delete SA payload: deleting ISAKMP State #82
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [01528bbbc00696121849ab9a1c5b2a5100000001]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: received Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000009]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: received Vendor ID payload [RFC 3947]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [FRAGMENTATION]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [Vid-Initial-Contact]
2014:05:27-17:50:40 78-1 pluto[25229]: packet from 23.97.65.37:500: ignoring Vendor ID payload [IKE CGA version 1]
2014:05:27-17:50:40 78-1 pluto[25229]: "S_Azure" #84: responding to Main Mode
2014:05:27-17:50:41 78-1 pluto[25229]: "S_Azure" #84: NAT-Traversal: Result using RFC 3947: no NAT detected
2014:05:27-17:50:41 78-1 pluto[25229]: "S_Azure" #84: Peer ID is ID_IPV4_ADDR: '23.97.65.37'
2014:05:27-17:50:41 78-1 pluto[25229]: "S_Azure" #84: sent MR3, ISAKMP SA established
2014:05:27-17:50:41 78-1 pluto[25229]: "S_Azure" #84: cannot respond to IPsec SA request because no connection is known for 172.16.0.0/16===Public IP[Public IP]...23.97.65.37[23.97.65.37]===10.10.0.0/16
2014:05:27-17:50:41 78-1 pluto[25229]: "S_Azure" #84: sending encrypted notification INVALID_ID_INFORMATION to 23.97.65.37:500
2014:05:27-17:50:42 78-1 pluto[25229]: "S_Azure" #84: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:50:42 78-1 pluto[25229]: "S_Azure" #84: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:43 78-1 pluto[25229]: "S_Azure" #84: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:50:43 78-1 pluto[25229]: "S_Azure" #84: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:46 78-1 pluto[25229]: "S_Azure" #84: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x01000000 (perhaps this is a duplicated packet)
2014:05:27-17:50:46 78-1 pluto[25229]: "S_Azure" #84: sending encrypted notification INVALID_MESSAGE_ID to 23.97.65.37:500
2014:05:27-17:50:47 78-1 pluto[25229]: "S_Azure" #85: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP to replace #83 {using isakmp#84}
2014:05:27-17:50:47 78-1 pluto[25229]: "S_Azure" #85: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
2014:05:27-17:50:47 78-1 pluto[25229]: "S_Azure" #85: sent QI2, IPsec SA established {ESP=>0x05b69e96

This thread was automatically locked due to age.

0 ahmednayeem over 10 years ago

IKE Encryption : 3DES
IKE authentication : SHA1
IKE SA lifetime : 28800
IKE DH group : group2:MODP 1024

IPsec encryption : 3DES
IPsec auth : SHA1
IPsec SA lifetime : 3600
IPsec PFS group : none

dead peer : disabled
NAT traversal : enabled
Cancel
Vote Up 0 Vote Down

Cancel
0 PierceMacMillan over 8 years ago in reply to ahmednayeem

I have the same problem. Any luck with this?
Cancel
Vote Up 0 Vote Down

Cancel