We have an IPsec LAN-to-LAN tunnel configured between a VPN1 and
CVPN3015 that will drop once or twice a week. When it drops it seems to
be unable to complete phase 1 negotiation for a new tunnel for long
periods of time, although it tries constantly.

Here's what we're seeing in the CVPN log:

Apr 18 06:43:13 CVPN3015 7611550 04/18/2006 06:45:01.510 SEV=8 IKEDBG/84
RPT=3969 10.54.41.59 Group [10.54.41.59] QM IsRekeyed sa already being
rekeyed

Apr 18 06:43:13 CVPN3015 7611551 04/18/2006 06:45:01.510 SEV=4 IKEDBG/97
RPT=5020 10.54.41.59 Group [10.54.41.59] QM FSM error (P2 struct
&0x77d717c, mess id 0xcbd52404)!

Apr 18 06:43:13 CVPN3015 7611554 04/18/2006 06:45:01.510 SEV=7 IKEDBG/65
RPT=5075 10.54.41.59 Group [10.54.41.59] IKE QM Responder FSM error
history (struct &0x77d717c) , : QM_DONE, EV_ERROR
QM_BLD_MSG2, EV_IS_REKEY QM_BLD_MSG2, EV_CONFIRM_SA QM_BLD_MSG2, EV_PROC_MSG

Apr 18 06:43:13 CVPN3015 7611557 04/18/2006 06:45:01.510 SEV=9 IKEDBG/0
RPT=859163 sending delete/delete with reason message

When we look up IKEDBG/84 on the Cisco support site we get "This Debug
event is for Cisco Engineering purposes only." IKEDBG/97 returns "This
event indicates an error has occurred within the phase 2 state machine."

We've requested logging data from the far end but won't have it for
another day or so.

Anyone have an idea what's wrong here?

Thanks,
Tim

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards
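
An added example, not part of the original post and not Cisco tooling: Python that rejoins the wrapped log lines quoted in the post into events, extracts their fields, and measures the offset between the syslog header time and the concentrator's own timestamp, which matters when lining these events up against the far-end log. The field layout is inferred from the four quoted events only, and the syslog header is assumed to fall in the same year as the device timestamp.

```python
import re
from datetime import datetime

# Log lines copied from the post; wrapping and blank-line separators kept.
SAMPLE = """\
Apr 18 06:43:13 CVPN3015 7611550 04/18/2006 06:45:01.510 SEV=8 IKEDBG/84
RPT=3969 10.54.41.59 Group [10.54.41.59] QM IsRekeyed sa already being
rekeyed

Apr 18 06:43:13 CVPN3015 7611551 04/18/2006 06:45:01.510 SEV=4 IKEDBG/97
RPT=5020 10.54.41.59 Group [10.54.41.59] QM FSM error (P2 struct
&0x77d717c, mess id 0xcbd52404)!

Apr 18 06:43:13 CVPN3015 7611554 04/18/2006 06:45:01.510 SEV=7 IKEDBG/65
RPT=5075 10.54.41.59 Group [10.54.41.59] IKE QM Responder FSM error
history (struct &0x77d717c) , : QM_DONE, EV_ERROR
QM_BLD_MSG2, EV_IS_REKEY QM_BLD_MSG2, EV_CONFIRM_SA QM_BLD_MSG2, EV_PROC_MSG

Apr 18 06:43:13 CVPN3015 7611557 04/18/2006 06:45:01.510 SEV=9 IKEDBG/0
RPT=859163 sending delete/delete with reason message
"""

EVENT = re.compile(
    r"(?P<rx>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) (?P<seq>\d+) "
    r"(?P<dev>\d\d/\d\d/\d{4} [\d:.]+) SEV=(?P<sev>\d+) (?P<cls>\w+)/(?P<num>\d+) "
    r"RPT=(?P<rpt>\d+) (?:(?P<peer>\d+(?:\.\d+){3}) )?(?P<msg>.*)")
HISTORY = re.compile(r"(QM_\w+), (EV_\w+)")

def parse_events(text):
    """Rejoin wrapped lines (blank line = record separator) and parse each event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = EVENT.match(" ".join(block.split()))
        if m:
            ev = m.groupdict()
            dev = datetime.strptime(ev["dev"], "%m/%d/%Y %H:%M:%S.%f")
            # Assumption: the syslog header (no year) is in the device's year.
            rx = datetime.strptime(f"{dev.year} {ev['rx']}", "%Y %b %d %H:%M:%S")
            ev["skew_s"] = (dev - rx).total_seconds()  # device clock minus header
            ev["history"] = HISTORY.findall(ev["msg"])  # (state, event), as logged
            events.append(ev)
    return events

def fsm_errors(events):
    """IKEDBG events whose text reports a Quick Mode FSM error."""
    return [e for e in events if e["cls"] == "IKEDBG" and "FSM error" in e["msg"]]

if __name__ == "__main__":
    for e in fsm_errors(parse_events(SAMPLE)):
        print(e["seq"], f"{e['cls']}/{e['num']}", e["peer"], e["skew_s"], e["history"])
```

On the quoted lines the concentrator's timestamp runs about 108.5 seconds ahead of the syslog header, so that offset has to be applied before matching these events to timestamps in the peer's log.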