
Phase 2 IPSec negotiation failed

gpw1002050299
Level 1

I cannot establish a site-to-site tunnel between 2 locations. Both have the same Comcast business gateway and both have an RV180. One kicks out the messages below:

Fri Oct 16 15:37:18 2015 (GMT -0500): [SCRouter] [IKE] INFO:  Responding to new phase 2 negotiation: 96.89.xxx.xxx[0]<=>50.251.xxx.xxx[0]
Fri Oct 16 15:37:18 2015 (GMT -0500): [SCRouter] [IKE] ERROR:  Failed to get IPsec SA configuration for: 192.168.xxx.0/24<->192.168.xxx.0/24 from 50.251.162.173/32[62465]
Fri Oct 16 15:37:20 2015 (GMT -0500): [SCRouter] [IKE] INFO:  Sending Informational Exchange: notify payload[10637]
Fri Oct 16 15:37:23 2015 (GMT -0500): [SCRouter] [IKE] INFO:  Sending Informational Exchange: notify payload[10381]
Fri Oct 16 15:37:25 2015 (GMT -0500): [SCRouter] [IKE] INFO:  Sending Informational Exchange: notify payload[10637]

The other kicks out these and times out:

Fri Oct 16 15:39:52 2015 (GMT -0500): [RouterGallery] [IKE] INFO:  Configuration found for 96.89.xxx.xxx.
Fri Oct 16 15:39:52 2015 (GMT -0500): [RouterGallery] [IKE] INFO:  Configuration found for 96.89.xxx.xxx.
Fri Oct 16 15:39:52 2015 (GMT -0500): [RouterGallery] [IKE] INFO:  Initiating new phase 2 negotiation: 50.251.xxx.xxx[500]<=>96.89.xxx.xxx[0]
Fri Oct 16 15:39:57 2015 (GMT -0500): [RouterGallery] [IKE] INFO:  Sending Informational Exchange: notify payload[10637]
Fri Oct 16 15:39:57 2015 (GMT -0500): [RouterGallery] [IKE] INFO:  Sending Informational Exchange: notify payload[10381]

 

Any hint as to what the problem might be?

1 Reply

Martin Hruby
Level 1

Hello

It seems that the first router receives a request for IPSec Phase 2 negotiation but cannot find any entry for the peer in its local configuration. It then sends an IKE Informational message to the second router and resets the negotiation. I would check if the peers are configured with correct IP addresses and masks, also that you have the correct IKE mode on both sides, plus the standard stuff (DH group, PFS, session attributes and encryption domain must be identical so that when a peer sends you a Phase 2 proposal you find an exact match for it in your configuration).

Best regards,
Martin
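
Added example (not part of the original thread or of either poster's configuration): a Python check for the address and mask comparison described in the reply above. It parses the responder's error line and compares the proposed subnets and peer with locally configured tunnel policies. The log line and addresses are constructed, and the policy dict layout and the assumption that the log may list the two subnets in either order are hypothetical.

```python
import ipaddress
import re

# Constructed log line in the format shown in the post (documentation-range peer address).
SAMPLE_LOG = (
    "Fri Oct 16 15:37:18 2015 (GMT -0500): [SCRouter] [IKE] ERROR:  "
    "Failed to get IPsec SA configuration for: "
    "192.168.10.0/24<->192.168.20.0/24 from 203.0.113.7/32[62465]"
)

ERR_RE = re.compile(
    r"Failed to get IPsec SA configuration for: "
    r"(?P<a>\S+)<->(?P<b>\S+) from (?P<peer>[\d.]+)/32"
)

def parse_phase2_failure(line):
    """Return (selector_a, selector_b, peer_ip) from the responder's error line, or None."""
    m = ERR_RE.search(line)
    if not m:
        return None
    return (ipaddress.ip_network(m["a"]), ipaddress.ip_network(m["b"]),
            ipaddress.ip_address(m["peer"]))

def diagnose(line, policies):
    """Compare the proposed selectors and peer with each local policy (hypothetical layout)."""
    parsed = parse_phase2_failure(line)
    if parsed is None:
        return ["not a phase 2 SA-lookup failure"]
    sel_a, sel_b, peer = parsed
    findings = []
    for p in policies:
        local = ipaddress.ip_network(p["local_net"])
        remote = ipaddress.ip_network(p["remote_net"])
        if ipaddress.ip_address(p["remote_gw"]) != peer:
            findings.append(f"{p['name']}: remote gateway {p['remote_gw']} != peer {peer}")
        # Assumption: subnet order in the log is not guaranteed, so compare as a set.
        if {local, remote} != {sel_a, sel_b}:
            findings.append(
                f"{p['name']}: selectors {local}<->{remote} != proposed {sel_a}<->{sel_b}")
    return findings or [
        "peer and selectors match a policy; compare IKE mode, DH group, PFS, encryption"]

if __name__ == "__main__":
    # Constructed policy with a /23 where the peer proposes a /24.
    policies = [{"name": "to-gallery", "remote_gw": "203.0.113.7",
                 "local_net": "192.168.10.0/24", "remote_net": "192.168.20.0/23"}]
    for finding in diagnose(SAMPLE_LOG, policies):
        print(finding)
```

A clean result on addresses and masks narrows the search to the remaining items in the reply: IKE mode, DH group, PFS and the encryption settings on both routers.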