I have a user who has a very strange vpn issue where it appears to be disconnecting itself constantly.
I don't know a huge deal about ipsec but the setup is his netgear dg834 to our firewall product which is based on linux.
Some snippets from the log file today:
Thu, 2008-08-28 08:46:53 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 08:46:54 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 08:46:54 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:05:17 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:05:18 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:05:18 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:05:19 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:06:35 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:06:36 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:06:36 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:06:36 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:07:52 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:07:53 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:07:53 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:07:54 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:09:09 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:09:11 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:09:11 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:09:11 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:10:27 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:10:28 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:10:28 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:10:29 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 10:05:58 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 10:05:59 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 10:10:28 - [billingshurs] received Delete SA payload: deleting ISAKMP State #11
Thu, 2008-08-28 10:49:04 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 10:49:04 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 11:05:59 - [billingshurs] received Delete SA payload: deleting ISAKMP State #13
Thu, 2008-08-28 11:32:46 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 11:32:47 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 12:22:20 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 12:22:20 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 12:32:46 - [billingshurs] received Delete SA payload: deleting ISAKMP State #15
Thu, 2008-08-28 13:08:03 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 13:08:03 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 13:22:19 - [billingshurs] received Delete SA payload: deleting ISAKMP State #16
Thu, 2008-08-28 13:56:37 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 13:56:37 - [billingshurs] sent MR3, ISAKMP SA established
I've set the SA lifetime on the netgear to 86400 which should equate to 24 hours but its constantly doing something, can anyone interpret this log?
/edit
Just dropped off again with some new messages:
Thu, 2008-08-28 14:42:46 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 14:42:47 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 14:52:51 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 14:52:52 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 14:53:02 - [billingshurs] STATE_MAIN_I1: retransmission; will wait 20s for response
Thu, 2008-08-28 14:53:22 - [billingshurs] STATE_MAIN_I1: retransmission; will wait 40s for response
Thu, 2008-08-28 14:53:55 - deleting connection "billingshurs"
Thu, 2008-08-28 14:53:55 - shutting down interface ipsec0/ppp0 x.x.x.x
Thu, 2008-08-28 14:54:05 - added connection description "billingshurs"
Thu, 2008-08-28 14:54:05 - adding interface ipsec0/ppp0 x.x.x.x
Thu, 2008-08-28 14:54:15 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 14:54:16 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 14:54:16 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 14:54:17 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 14:54:17 - [billingshurs] sent QI2, IPsec SA established
x.x.x.x = remote ip address
I don't know a huge deal about ipsec but the setup is his netgear dg834 to our firewall product which is based on linux.
Some snippets from the log file today:
Thu, 2008-08-28 08:46:53 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 08:46:54 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 08:46:54 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:05:17 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:05:18 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:05:18 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:05:19 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:06:35 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:06:36 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:06:36 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:06:36 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:07:52 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:07:53 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:07:53 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:07:54 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:09:09 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:09:11 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:09:11 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:09:11 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 09:10:27 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 09:10:28 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 09:10:28 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 09:10:29 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 10:05:58 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 10:05:59 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 10:10:28 - [billingshurs] received Delete SA payload: deleting ISAKMP State #11
Thu, 2008-08-28 10:49:04 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 10:49:04 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 11:05:59 - [billingshurs] received Delete SA payload: deleting ISAKMP State #13
Thu, 2008-08-28 11:32:46 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 11:32:47 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 12:22:20 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 12:22:20 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 12:32:46 - [billingshurs] received Delete SA payload: deleting ISAKMP State #15
Thu, 2008-08-28 13:08:03 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 13:08:03 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 13:22:19 - [billingshurs] received Delete SA payload: deleting ISAKMP State #16
Thu, 2008-08-28 13:56:37 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 13:56:37 - [billingshurs] sent MR3, ISAKMP SA established
I've set the SA lifetime on the netgear to 86400 which should equate to 24 hours but its constantly doing something, can anyone interpret this log?
/edit
Just dropped off again with some new messages:
Thu, 2008-08-28 14:42:46 - [billingshurs] responding to Main Mode
Thu, 2008-08-28 14:42:47 - [billingshurs] sent MR3, ISAKMP SA established
Thu, 2008-08-28 14:52:51 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 14:52:52 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 14:53:02 - [billingshurs] STATE_MAIN_I1: retransmission; will wait 20s for response
Thu, 2008-08-28 14:53:22 - [billingshurs] STATE_MAIN_I1: retransmission; will wait 40s for response
Thu, 2008-08-28 14:53:55 - deleting connection "billingshurs"
Thu, 2008-08-28 14:53:55 - shutting down interface ipsec0/ppp0 x.x.x.x
Thu, 2008-08-28 14:54:05 - added connection description "billingshurs"
Thu, 2008-08-28 14:54:05 - adding interface ipsec0/ppp0 x.x.x.x
Thu, 2008-08-28 14:54:15 - [billingshurs] terminating SAs using this connection
Thu, 2008-08-28 14:54:16 - [billingshurs] initiating Main Mode
Thu, 2008-08-28 14:54:16 - [billingshurs] ISAKMP SA established
Thu, 2008-08-28 14:54:17 - [billingshurs] sent QI2, IPsec SA established
Thu, 2008-08-28 14:54:17 - [billingshurs] sent QI2, IPsec SA established
x.x.x.x = remote ip address
Last edited: