VPN goes down at random

I have a strange problem with an SG210: the site-to-site VPN to a Cisco ASA 5520 dies a couple of times a day.

I've attached the log. The messages at the end of the log keep repeating until the VPN connection is disabled and re-enabled, at which point the VPN is up again for some time.


2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Could not find newest phase 1 state
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: No response from peer - declaring peer dead
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Restarting all connections of peer
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Terminating all SAs using this connection
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13353: deleting state (STATE_QUICK_I2)
2015:06:08-21:56:49 bog1fwcl-2 pluto[10598]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Restarting connection "S_REF_IpsSitVpnTST_0"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: Terminating all SAs using this connection
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: deleting state (STATE_QUICK_I2)
2015:06:08-21:56:49 bog1fwcl-2 pluto[10598]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: DPD: Restarting connection "S_REF_IpsSitVpnTST_1"
[DPD Restarts the VPN]

2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: initiating Main Mode
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [FRAGMENTATION c0000000]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [Cisco-Unity]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: received Vendor ID payload [XAUTH]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [c6d54f8ae3717cb429ebe770e86ddad8]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ignoring Vendor ID payload [Cisco VPN 3000 Series]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: received Vendor ID payload [Dead Peer Detection]
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: Peer ID is ID_IPV4_ADDR: 'x.x.201.30'
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13365: ISAKMP SA established
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#13365}
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_0" #13367: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP {using isakmp#13365}
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13366: sent QI2, IPsec SA established {ESP=>0x80f44d2c 0x72fd0ac5 
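
To measure how often the tunnel drops and whether each drop follows a DPD timeout, here is an added Python example (not from the post or from Sophos) that parses the pluto lines above. It deduplicates the events that both cluster nodes log, and it assumes the S_<connection>_<n> naming visible in the log and a 5-second window for attributing a "VPN down" to a preceding "declaring peer dead".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# UTM pluto line layout: "YYYY:MM:DD-HH:MM:SS host pluto[pid]: message"
LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) pluto\[\d+\]: (.*)$')
CONN_RE = re.compile(r'^"S_(.+)_\d+" #\d+: ')  # "S_REF_IpsSitVpnTST_1" #13352: -> REF_IpsSitVpnTST
KV_RE = re.compile(r'(\w+)="([^"]*)"')         # id="2204" severity="info" ... key/value pairs
DPD_DEAD = "DPD: No response from peer - declaring peer dead"

# Sample input taken from the post's log: the two x.x.200.6 'down' lines are one event logged by both cluster nodes.
SAMPLE_LOG = """\
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: "S_REF_IpsSitVpnTST_1" #13352: DPD: No response from peer - declaring peer dead
2015:06:08-21:56:49 bog1fwcl-2 pluto[10598]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.200.6/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2204" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN down" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
2015:06:08-21:56:49 bog1fwcl-1 pluto[11676]: id="2203" severity="info" sys="SecureNet" sub="vpn" event="Site-to-site VPN up" variant="ipsec" connection="REF_IpsSitVpnTST" address="x.x.72.70" local_net="x.x.74.2/32" remote_net="x.x.220.21/32"
"""

def summarize_flaps(log_text, window_s=5):
    """Per connection: DPD peer-dead times, deduplicated down/up counts, affected tunnels, DPD-attributed downs."""
    stats = defaultdict(lambda: {"dpd_dead": [], "down": 0, "up": 0,
                                 "dpd_triggered_down": 0, "tunnels": set()})
    seen = set()  # both cluster nodes log the same event; count each (ts, event, tunnel) once
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        ts, msg = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"), m.group(3)
        cm = CONN_RE.match(msg)
        if cm and DPD_DEAD in msg:
            stats[cm.group(1)]["dpd_dead"].append(ts)
            continue
        f = dict(KV_RE.findall(msg))
        if f.get("sub") != "vpn" or not f.get("event", "").startswith("Site-to-site VPN "):
            continue
        key = (ts, f["event"], f["connection"], f["remote_net"])
        if key in seen:
            continue
        seen.add(key)
        s = stats[f["connection"]]
        s["tunnels"].add(f["remote_net"])
        if f["event"].endswith("down"):
            s["down"] += 1
            # Blame DPD when a peer-dead message for this connection preceded the drop closely enough
            if any(timedelta(0) <= ts - d <= timedelta(seconds=window_s) for d in s["dpd_dead"]):
                s["dpd_triggered_down"] += 1
        else:
            s["up"] += 1
    return dict(stats)
```

Run it over a full day of the IPsec log and a "down" count with matching "dpd_triggered_down" confirms the drops are DPD timeouts rather than rekey or proposal failures.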


  • Just for grins, try activating PFS on your side.  For the 'IPsec PFS group', select the same one as you have for the 'IKE DH group'.  Any luck with that?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA