Hi Guys,
I have a problem with a DFL-800 and an IPSec VPN connection to another firewall (brand unknown).
The VPN tunnel is established and everything seems hunky-dory, but when a re-negotiation occurs the connection drops for about two minutes, only to be established again.
With ikesnoop I have found the following:
IkeSnoop: Received IKE packet from xx.xx.xxx.xx:500
Exchange type : Quick mode
ISAKMP Version : 1.0
Flags : E (encryption)
Cookies : 0x9d40944c9b4385af -> 0x87dcda45146b7e8
Message ID : 0x2c16b2fd
Packet length : 332 bytes
# payloads : 6
Payloads:
HASH (Hash)
Payload data length : 16 bytes
SA (Security Association)
Payload data length : 48 bytes
DOI : 1 (IPsec DOI)
Proposal 1/1
Protocol 1/1
Protocol ID : ESP
SPI Size : 4
SPI Value : 0xb89d687b
Transform 1/1
Transform ID : 3DES
Authentication algorithm : HMAC-MD5
SA life type : Seconds
SA life duration : 3600
Group description : MODP 1024
Encapsulation mode : Tunnel
NONCE (Nonce)
Payload data length : 64 bytes
KE (Key Exchange)
Payload data length : 128 bytes
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=xxx.xxx.xxx.xx/24)
ID (Identification)
Payload data length : 12 bytes
ID : ipv4_subnet(any:0,[0..7]=xxx.xxx.xxx.xx/24)
2014-01-17 19:53:35: IkeSnoop: Received IKE packet from xx.xx.xxx.xx:500
2014-01-17 19:53:35: IkeSnoop: IKE packet belongs to unknown IKE SA
2014-01-17 19:53:35: IkeSnoop: Received IKE packet from xx.xx.xxx.xx:500
After the two-minute slot I receive new IKE packages and the connection is once again re-established.
Is there anything you can think of that I can do on the DFL-800 side?