Hi,
I created a site-to-site tunnel for a customer. The tunnel comes up, stays up for about 24 hours and then goes down with the following logging:
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: responding to Main Mode
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sent MR3, ISAKMP SA established
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:03:20 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #478: IPsec SA expired (LATEST!)
2014:11:10-14:03:20 vpn pluto[24901]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitTunnelbla" address="***.***.***.***" local_net="172.30.15.3/32" remote_net="***.***.***.***/32"
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: received Vendor ID payload [Dead Peer Detection]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [RFC 3947]
2014:11:10-14:03:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [699369228741c6d4ca094c93e242c9de19e7b7c60000000500000500]
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: responding to Main Mode
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:03:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: sent MR3, ISAKMP SA established
2014:11:10-14:03:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:03:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #559: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #559: starting keying attempt 10 of an unlimited number
2014:11:10-14:04:11 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #563: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #559 {using isakmp#562}
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: received Vendor ID payload [Dead Peer Detection]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-01]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-stenberg-ipsec-nat-traversal-02]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [RFC 3947]
2014:11:10-14:04:32 vpn pluto[24901]: packet from ***.***.***.***:500: ignoring Vendor ID payload [699369228741c6d4ca094c93e242c9de19e7b7c60000000500000500]
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: responding to Main Mode
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: Peer ID is ID_IPV4_ADDR: '***.***.***.***'
2014:11:10-14:04:32 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: sent MR3, ISAKMP SA established
2014:11:10-14:04:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===***.***.***.***[***.***.***.***]...***.***.***.***[***.***.***.***]===***.***.***.***/32
2014:11:10-14:04:33 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: sending encrypted notification INVALID_ID_INFORMATION to ***.***.***.***:500
2014:11:10-14:04:38 vpn pluto[24901]: listening for IKE messages
2014:11:10-14:04:38 vpn pluto[24901]: forgetting secrets
2014:11:10-14:04:38 vpn pluto[24901]: loading secrets from "/etc/ipsec.secrets"
2014:11:10-14:04:38 vpn pluto[24901]: loaded PSK secret for ***.***.***.*** %any
2014:11:10-14:04:38 vpn pluto[24901]: forgetting secrets
2014:11:10-14:04:38 vpn pluto[24901]: loading secrets from "/etc/ipsec.secrets"
2014:11:10-14:04:38 vpn pluto[24901]: loaded PSK secret for ***.***.***.*** %any
2014:11:10-14:04:38 vpn pluto[24901]: loading ca certificates from '/etc/ipsec.d/cacerts'
2014:11:10-14:04:38 vpn pluto[24901]: loaded ca certificate from '/etc/ipsec.d/cacerts/REF_CaSigVpnSigniCa.pem'
2014:11:10-14:04:38 vpn pluto[24901]: loading aa certificates from '/etc/ipsec.d/aacerts'
2014:11:10-14:04:38 vpn pluto[24901]: loading ocsp certificates from '/etc/ipsec.d/ocspcerts'
2014:11:10-14:04:38 vpn pluto[24901]: loading attribute certificates from '/etc/ipsec.d/acerts'
2014:11:10-14:04:38 vpn pluto[24901]: Changing to directory '/etc/ipsec.d/crls'
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0": deleting connection
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #563: deleting state (STATE_QUICK_I1)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #544: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #490: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #493: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #560: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #542: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #499: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #527: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #519: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #538: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #518: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #496: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #528: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #525: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #498: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #522: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #508: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #507: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #505: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #562: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #534: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #504: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #551: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #540: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #516: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #502: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #557: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #547: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #546: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #545: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #535: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #543: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #532: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #495: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #556: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #548: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #530: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #497: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #517: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #501: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #558: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #524: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #537: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #492: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #488: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #553: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #514: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #511: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #549: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #509: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #483: deleting state (STATE_MAIN_I4)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #500: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #554: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #552: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #539: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #506: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #487: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #536: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #523: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #513: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #520: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #486: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #491: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #515: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #564: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #555: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #489: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #533: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #529: deleting state (STATE_MAIN_R3)
2014:11:10-14:04:38 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #510: deleting state (STATE_MAIN_R3)
The last part is quite strange, as is the fact that it is generating errors regarding INVALID_ID_INFORMATION. Can someone point me in the right direction? Is this an error at the customer's firewall (not Astaro)?
Thanks,
With kind regards,
Jeffrey Schilperoord
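
An added example, not part of the original post: a small Python check that extracts the selectors from pluto's "no connection is known for" line and compares them with the local_net/remote_net of the "Site-to-site VPN down" event. The sample log is constructed in the format shown above, with documentation addresses in place of the masked ones; that pluto prints the local side first is an assumption, and the function names are hypothetical.

```python
import re
from ipaddress import ip_network

# Constructed sample in the format of the log above; masked addresses replaced
# with documentation addresses (192.0.2.1 = local gateway, 198.51.100.7 = peer).
SAMPLE = '''\
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sent MR3, ISAKMP SA established
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===192.0.2.1[192.0.2.1]...198.51.100.7[198.51.100.7]===198.51.100.20/32
2014:11:10-14:03:19 vpn pluto[24901]: "S_REF_IpsSitTunnelbla_0" #561: sending encrypted notification INVALID_ID_INFORMATION to 198.51.100.7:500
2014:11:10-14:03:20 vpn pluto[24901]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitTunnelbla" address="192.0.2.1" local_net="172.30.15.3/32" remote_net="198.51.100.20/32"
'''

# Assumption: the selector before the first "===" is the local side.
REJECT = re.compile(r'#(\d+): cannot respond to IPsec SA request because no '
                    r'connection is known for (\S+?)===.*?\.\.\..*?===(\S+)')
CONFIG = re.compile(r'local_net="([^"]+)" remote_net="([^"]+)"')

def analyse(log):
    """Return (configured selectors or None, rejected Quick Mode proposals)."""
    configured, rejected = None, []
    for line in log.splitlines():
        m = CONFIG.search(line)
        if m:
            configured = (ip_network(m.group(1)), ip_network(m.group(2)))
        m = REJECT.search(line)
        if m:
            rejected.append((int(m.group(1)),
                             ip_network(m.group(2)), ip_network(m.group(3))))
    return configured, rejected

def mismatches(log):
    """List (state, differences) for proposals that differ from the config."""
    configured, rejected = analyse(log)
    if configured is None:          # no event line seen, nothing to compare
        return []
    out = []
    for state, local, remote in rejected:
        diffs = [f"{side} {got} != {want}"
                 for side, got, want in (("local", local, configured[0]),
                                         ("remote", remote, configured[1]))
                 if got != want]
        if diffs:
            out.append((state, diffs))
    return out

if __name__ == "__main__":
    for state, diffs in mismatches(SAMPLE):
        print(f"#{state}: peer proposal rejected: " + "; ".join(diffs))
```

Masked values such as `***.***.***.***` do not parse as networks, so run it against the unredacted log on the gateway.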