Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1952 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-to-Site: Ipsec just died

kdewaard
Hi All,

Last night around 0:00 all our site-to-site VPN's stopped working at 3 different individual customers and sites. I tried to restart the firewalls but this does not help. The log states:

2015:05:24-09:06:26 UTM01 pluto[6578]: "S_DELFT 1.1 > AMS 3.1" #33: responding to Main Mode
2015:05:24-09:06:56 UTM01 pluto[6578]: "S_DELFT 1.1 > AMS 3.1" #32: max number of retransmissions (2) reached STATE_MAIN_R1
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: received Vendor ID payload [strongSwan]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: ignoring Vendor ID payload [Cisco-Unity]
2015:05:24-09:07:06 C201UTM01 pluto[6578]: packet from 46.244.16.130:500: received Vendor ID payload [XAUTH]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: received Vendor ID payload [Dead Peer Detection]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: received Vendor ID payload [RFC 3947]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2015:05:24-09:07:06 UTM01 pluto[6578]: packet from 46.244.xx.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
2015:05:24-09:07:06 UTM01 pluto[6578]: "S_DELFT 1.1 > AMS 3.1" #34: responding to Main Mode

And then its stops doing anything. The other side has;

2015:05:24-09:03:56 UTM02 pluto[9021]: loading secrets from "/etc/ipsec.secrets"
2015:05:24-09:03:56 UTM02 pluto[9021]: added connection description "S_AMS 3.1 > DFT 1.1"
2015:05:24-09:03:56 UTM02 pluto[9021]: "S_AMS 3.1 > DFT 1.1" #1: initiating Main Mode

The strange thing is that I have the  problem with multiple customers, does anyone else has seen this problem?

Regards,

Kasper


This thread was automatically locked due to age.
Parents
  • 0
    For some magical reason it works again at all sites. I see there was a new Pattern version: 81071 installed a minute ago maybe that had something to do with it. Anyway, the steps I took was flushing the DNS resolver cache and it all started working again.
Reply
  • 0
    For some magical reason it works again at all sites. I see there was a new Pattern version: 81071 installed a minute ago maybe that had something to do with it. Anyway, the steps I took was flushing the DNS resolver cache and it all started working again.
Children
No Data
Unfiltered HTML