Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 7628 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN goes down at random

maxic_pro
I have a strange problem with SG210, the VPN site-to-site to Cisco ASA 5520 dies a couple of times a day. 

I've attached the log, the messages that are in the end of the log continue until the VPN connection disabled and re-enabled, at which point VPN is up again for some time.


2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Could not find newest phase 1 state
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: No response from peer - declaring peer dead
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Restarting all connections of peer
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Terminating all SAs using this connection
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13353: deleting state (STATE_QUICK_I2)
2015:06:08-21:56:49 bog1fwcl-2 pluto[10598]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Restarting connection "S_REF_IpsSitVpnTST_0"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Terminating all SAs using this connection
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: deleting state (STATE_QUICK_I2)
2015:06:08-21:56:49 bog1fwcl-2 pluto[10598]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: DPD: Restarting connection "S_REF_IpsSitVpnTST_1"
[DPD Restarts the VPN]

2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: initiating Main Mode
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [Cisco-Unity]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: received Vendor ID payload [XAUTH]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [c6d54f8ae3717cb429ebe770e86ddad8]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: received Vendor ID payload [Dead Peer Detection]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: Peer ID is ID_IPV4_ADDR: 'x.x.201.30'
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ISAKMP SA established
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#13365}
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13367: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#13365}
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: sent QI2, IPsec SA established {ESP=>0x80f44d2c 0x72fd0ac5 


This thread was automatically locked due to age.
Parents
  • 0
    It looks like the ASA is not allowing the SG210 to initiate a tunnel which could be an ACL issue on the ASA side. Another thing to check to ensure there is not an SA mismatch.
  • 0 in reply to Emotive
    It looks like the ASA is not allowing the SG210 to initiate a tunnel which could be an ACL issue on the ASA side. Another thing to check to ensure there is not an SA mismatch.


    Thank you for the reply, 
    i'm not sure why would you think that ASA is not allowing to initiate a tunnel - if you look at the logs, in the very beginning, after SG210 DPD kills the tunnel, it is re-established by SG210 initiating main mode.
  • 0 in reply to maxic_pro
    Thank you for the reply, 
    i'm not sure why would you think that ASA is not allowing to initiate a tunnel - if you look at the logs, in the very beginning, after SG210 DPD kills the tunnel, it is re-established by SG210 initiating main mode.


    I skipped right over that, sorry! Two more questions, what ios version is the ASA on and have you tried enabling NAT-T on the ASA side?
Reply
  • 0 in reply to maxic_pro
    Thank you for the reply, 
    i'm not sure why would you think that ASA is not allowing to initiate a tunnel - if you look at the logs, in the very beginning, after SG210 DPD kills the tunnel, it is re-established by SG210 initiating main mode.


    I skipped right over that, sorry! Two more questions, what ios version is the ASA on and have you tried enabling NAT-T on the ASA side?
Children
No Data