Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

frequent vpn tunnel drops

From: new bie kapper <securekaps () yahoo com>
Date: Fri, 27 Feb 2004 06:20:48 -0800 (PST)
hi all,
i am just stuck with this big problem and hav no clue
whatz going on!!i am into security monitoring of a
client and we have a VPN Tunnel through our VPN
CONCENTRATOR 3000 SERIES to their watchguard
firebox.The tunnel stays up for anything from 1 minute
to 2 days up and then goes down!!
Everything worked fine before 3 weeks ,but since then
its been frequent tunnel drops.i have logged the error
messages i get on my vpn concentrator to see if
anybody can help me with this.
Could there be a routing policy issue at their
end..which i doubt since it was working before!!and
since the tunnel comes up for variable times!!could be
a ipsec fragmentation issue!!??just wondering!!
thanks..below is the log
58518 02/27/2004 07:42:08.380 SEV=5 IKE/35 RPT=2455
65.68.11.49
Group [65.68.11.49]
Received remote IP Proxy Subnet data in ID Payload:
Address 10.40.1.0, Mask 255.255.255.0, Protocol 0,
Port 0

58521 02/27/2004 07:42:08.380 SEV=5 IKE/34 RPT=2458
65.68.11.49
Group [65.68.11.49]
Received local IP Proxy Subnet data in ID Payload:
Address 172.16.2.0, Mask 255.255.255.0, Protocol 0,
Port 0

58524 02/27/2004 07:42:08.380 SEV=5 IKE/66 RPT=7250
65.68.11.49
Group [65.68.11.49]
IKE Remote Peer configured for SA: L2L: CommercialBank

58525 02/27/2004 07:42:08.380 SEV=5 IKE/75 RPT=6857
65.68.11.49
Group [65.68.11.49]
Overriding Initiator's IPSec rekeying duration from
86400 to 28800 seconds

58527 02/27/2004 07:42:28.570 SEV=4 IKEDBG/0 RPT=3072
QM FSM error (P2 struct &0x330a17c, mess id
0xc0a6e099)!

58528 02/27/2004 07:42:28.570 SEV=4 IKEDBG/65 RPT=9942
65.68.11.49
Group [65.68.11.49]
IKE QM Responder FSM error history (struct &0x330a17c)
<state>, <event>:
QM_DONE, EV_ERROR
QM_WAIT_MSG3, EV_RESEND_MSG
QM_WAIT_MSG3, NullEvent
QM_SND_MSG2, EV_SND_MSG

58533 02/27/2004 07:42:38.380 SEV=4 AUTH/23 RPT=876
65.68.11.49
User 65.68.11.49 disconnected: duration: 0:56:18

58534 02/27/2004 07:42:38.600 SEV=4 IKE/41 RPT=8619
65.68.11.49
IKE Initiator: New Phase 1, Intf 2, IKE Peer
65.68.11.49
local Proxy Address 172.16.2.0, remote Proxy Address
10.40.1.0,
SA (L2L: CommercialBank)

58537 02/27/2004 07:43:10.600 SEV=4 IKEDBG/65 RPT=9943
65.68.11.49
IKE MM Initiator FSM error history (struct &0x3a2a554)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG2, EV_RETRY
MM_WAIT_MSG2, EV_TIMEOUT
MM_WAIT_MSG2, NullEvent

58541 02/27/2004 07:43:12.420 SEV=4 IKE/41 RPT=8620
65.68.11.49
IKE Initiator: New Phase 1, Intf 2, IKE Peer
65.68.11.49
local Proxy Address 172.16.2.0, remote Proxy Address
10.40.1.0,
SA (L2L: CommercialBank)

58544 02/27/2004 07:43:43.540 SEV=4 IKE/0 RPT=8192
65.68.11.49
Duplicate first packet detected!

58545 02/27/2004 07:43:44.420 SEV=4 IKEDBG/65 RPT=9944
65.68.11.49
IKE MM Initiator FSM error history (struct &0x373ffc4)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG2, EV_RETRY
MM_WAIT_MSG2, EV_TIMEOUT
MM_WAIT_MSG2, NullEvent

58549 02/27/2004 07:43:53.550 SEV=4 IKE/0 RPT=8193
65.68.11.49
Duplicate first packet detected!

58550 02/27/2004 07:44:03.560 SEV=4 IKE/0 RPT=8194
65.68.11.49
Duplicate first packet detected!

58551 02/27/2004 07:44:05.640 SEV=4 IKEDBG/65 RPT=9945
65.68.11.49
IKE MM Responder FSM error history (struct &0x37806c8)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG3, EV_TIMEOUT
MM_WAIT_MSG3, NullEvent
MM_SND_MSG2, EV_SND_MSG

58555 02/27/2004 07:44:07.530 SEV=4 IKE/41 RPT=8621
65.68.11.49
IKE Initiator: New Phase 1, Intf 2, IKE Peer
65.68.11.49
local Proxy Address 172.16.2.0, remote Proxy Address
10.40.1.0,
SA (L2L: CommercialBank)

58558 02/27/2004 07:44:23.580 SEV=4 IKE/0 RPT=8195
65.68.11.49
Duplicate first packet detected!

58559 02/27/2004 07:44:39.530 SEV=4 IKEDBG/65 RPT=9946
65.68.11.49
IKE MM Initiator FSM error history (struct &0x3932278)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG2, EV_RETRY
MM_WAIT_MSG2, EV_TIMEOUT
MM_WAIT_MSG2, NullEvent

58563 02/27/2004 07:44:45.670 SEV=4 IKEDBG/65 RPT=9947
65.68.11.49
IKE MM Responder FSM error history (struct &0x374df5c)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG3, EV_TIMEOUT
MM_WAIT_MSG3, NullEvent
MM_SND_MSG2, EV_SND_MSG

58567 02/27/2004 07:44:47.610 SEV=4 IKE/41 RPT=8622
65.68.11.49
IKE Initiator: New Phase 1, Intf 2, IKE Peer
65.68.11.49
local Proxy Address 172.16.2.0, remote Proxy Address
10.40.1.0,
SA (L2L: CommercialBank)

58570 02/27/2004 07:45:08.800 SEV=4 IKE/0 RPT=8196
65.68.11.49
Duplicate first packet detected!

58571 02/27/2004 07:45:19.040 SEV=4 IKE/0 RPT=8197
65.68.11.49
Duplicate first packet detected!

58572 02/27/2004 07:45:19.610 SEV=4 IKEDBG/65 RPT=9948
65.68.11.49
IKE MM Initiator FSM error history (struct &0x3738ff8)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG2, EV_RETRY
MM_WAIT_MSG2, EV_TIMEOUT
MM_WAIT_MSG2, NullEvent

58576 02/27/2004 07:45:29.270 SEV=4 IKE/0 RPT=8198
65.68.11.49
Duplicate first packet detected!

58577 02/27/2004 07:45:30.800 SEV=4 IKEDBG/65 RPT=9949
65.68.11.49
IKE MM Responder FSM error history (struct &0x38035f0)
<state>, <event>:
MM_DONE, EV_ERROR
MM_WAIT_MSG3, EV_TIMEOUT
MM_WAIT_MSG3, NullEvent
MM_SND_MSG2, EV_SND_MSG

58581 02/27/2004 07:45:32.710 SEV=4 IKE/41 RPT=8623
65.68.11.49
IKE Initiator: New Phase 1, Intf 2, IKE Peer
65.68.11.49
local Proxy Address 172.16.2.0, remote Proxy Address
10.40.1.0,
SA (L2L: CommercialBank)

58584 02/27/2004 07:45:49.740 SEV=4 IKE/0 RPT=8199
65.68.11.49
Duplicate first packet detected!

58585 02/27/2004 07:45:55.220 SEV=5 IKE/25 RPT=5967
65.64.127.66
Group [65.64.127.66]
Received remote Proxy Host data in ID Payload:
Address 192.168.254.14, Protocol 0, Port 0

-

__________________________________
Do you Yahoo!?
Get better spam protection with Yahoo! Mail.
http://antispam.yahoo.com/tools

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: