Cisco RV082 to ASA 5510 tunnel freezes after 8 hours.

james.blish
Level 1

I have a RV082 that has an issue keeping an IPSEC Gateway to Gateway VPN running from itself to our ASA 5510.

At 8 hours of connectivity (I can almost set a clock to it) the Tunnel will say it is connected on the RV082 but on the ASA 5510 the tunnel is not up.

If I click on disconnect on the RV082 under the VPN Summary page, things will come back up. From the ASA 5510 side there is nothing I can do to get things back (ping inside "vpn network" or even trying to make a connection to a networked VPN machine).

To make things more complicated, I have another VPN on the RV082 to a PIX 506e that works with no issues. I also have another RV082 at another location with the same settings that keeps its tunnel with the ASA 5510 without any issue.

Some things I have tried to try and fix the issue are:

I upgraded the firmware on the RV082 V3 from 4.0.0.7-tm (what it was shipped with) to 4.1.1.01-sp. This seemed to have no effect.

On the RV082 I have changed the MTU from automatic to 1428 and 1452. All this does is make the connection to the PIX 506e unstable like it is for the ASA 5510. I have changed this back to automatic.

Since the time of stability seems to be 8 hours, I have changed the "Phase 1 SA life time" and "Phase 2 SA life time" to 28800, both at the same time and individually. This seemed to have no effect.

The current configuration on the RV082 is:

Local security gateway type: IP Only

IP address: (local ISP provided static IP address)

Local security group type: subnet

IP address: 192.168.30.0

subnetmask: 255.255.255.0

Remote security gateway type: IP only

IP address: Remote address provided by ISP

Remote Security type: Subnet

IP address: 192.168.26.0

subnet mask: 255.255.255.0

Keying mode: IKE with Preshared key

Phase 1 DH Group: Group 2 - 1024 bit

Phase 1 Encryption: 3DES

Phase 1 Authentication: MD5

Phase 1 SA Life Time: 86400

Perfect forward secrecy: is not checked.

Phase 2 DH Group: Group 2 - 1024 bit

Phase 2 Encryption: 3DES

phase 2 Authentication: MD5

Phase 2 SA Life Time: 86400

Preshared key: <shared-key>

Minimum Preshared Key Complexity: is checked

Preshared Key Strength meter: goes to 2 green boxes.

Advanced settings: nothing is set up.

 

ASA IPSEC related settings for this VPN:

crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df inside
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet_map 7 match address internet_cryptomap_7
crypto map internet_map 7 set peer (Static_IP_ADDRESS)
crypto map internet_map 7 set transform-set ESP-3DES-MD5
crypto map internet_map 7 set reverse-route
crypto isakmp enable internet
crypto isakmp policy 4
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 5
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
tunnel-group (Static_IP_ADDRESS) type ipsec-l2l
tunnel-group (Static_IP_ADDRESS) ipsec-attributes
 pre-shared-key <shared-key>

Thanks in advance.


And I spoke too soon. With the routers at about 15 hours uptime, the tunnel collapsed.

I didn't have time to grab any of the ASA information.

But here is the log from the RV082:

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 04:34:03 2012 VPN Log (g2gips0) #2134: ISAKMP SA established 

Apr 25 04:34:23 2012 VPN Log (g2gips0) #2126: received Delete SA(0x5d1033a3) payload: deleting IPSEC State #2127 

Apr 25 04:34:23 2012 VPN Log (g2gips0) #2126: received Delete SA(0x5d1033a3) payload: deleting IPSEC State #2127 

Apr 25 08:22:50 2012 System Log HTTP Basic authentication success for user: admin 

Apr 25 12:12:48 2012 System Log HTTP Basic authentication success for user: admin 

Apr 25 12:13:02 2012 VPN Log (g2gips1): terminating SAs using this connection 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2132: deleting state (STATE_QUICK_I2) 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2130: deleting state (STATE_MAIN_R3) 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: initiating Main Mode 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [7e420be1beab43a69ad733fc7575fa04] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [7e420be1beab43a69ad733fc7575fa04] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: Peer ID is ID_IPV4_ADDR: '

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2135: ISAKMP SA established 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2135} 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Inbound SPI value = a3811a38 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Inbound SPI value = a3811a38 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Outbound SPI value = b68751cd 

Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Outbound SPI value = b68751cd 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: sent QI2, IPsec SA established {ESP=>0xb68751cd <0xa3811a38 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2135} 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Inbound SPI value = 405d2a04 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Inbound SPI value = 405d2a04 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Outbound SPI value = d64d6af1 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Outbound SPI value = d64d6af1 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: sent QI2, IPsec SA established {ESP=>0xd64d6af1 <0x405d2a04 

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136 

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 

Apr 25 12:13:08 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 

Apr 25 12:13:08 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:08 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 

Apr 25 12:13:08 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 

Apr 25 12:13:08 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: responding to Main Mode 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco-Unity] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [XAUTH] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [25f19f524de238c5e36def6eba419b65] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [25f19f524de238c5e36def6eba419b65] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: ignoring Vendor ID payload [Cisco VPN 3000 Series] 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 

Apr 25 12:13:08 2012 VPN Log (g2gips1) #2138: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: received Vendor ID payload [Dead Peer Detection] 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: Peer ID is ID_IPV4_ADDR: '

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: sent MR3, ISAKMP SA established 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: ignoring informational payload, type IPSEC_INITIAL_CONTACT 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: ignoring informational payload, type IPSEC_INITIAL_CONTACT 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2138: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: responding to Quick Mode 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Inbound SPI value = 3a8e85e2 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Inbound SPI value = 3a8e85e2 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Outbound SPI value = e4427e59 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Outbound SPI value = e4427e59 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 

Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: IPsec SA established {ESP=>0xe4427e59 <0x3a8e85e2 

What is the current status of your tunnel? Is it up or down?

It looks like the RV is getting a message to delete the SA:

Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136

Our router doesn't support the bandwidth lifetime setting as seen in your ASA config here:

crypto ipsec security-association lifetime kilobytes 4608000

= 450MB

Can you disable this setting, or do you know if you hit this bandwidth limit? The ASA would delete its IPsec SA and try to rekey, but the RV would wait until the 28800 expires, which is 8 hours.

Cisco Small Business Support Center

Randy Manthey

CCNA, CCNA - Security
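An added example, not part of the original posts: a Python sketch of the check this reply points at. It matches each `received Delete SA` payload in an RV082 log to the IPsec SA it tears down and lists the SAs for which the RV ignored the peer's `IPSEC_RESPONDER_LIFETIME` notify. The sample lines are excerpted from the log posted above; the function and field names are this example's own.

```python
import re
from datetime import datetime

# Lines excerpted from the RV082 log posted earlier in this thread
# (the device writes most entries twice; the parser collapses them).
SAMPLE_LOG = """\
Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 25 12:13:02 2012 VPN Log (g2gips1) #2136: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 25 12:13:03 2012 VPN Log (g2gips1) #2136: sent QI2, IPsec SA established {ESP=>0xb68751cd <0xa3811a38
Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME
Apr 25 12:13:03 2012 VPN Log (g2gips1) #2137: sent QI2, IPsec SA established {ESP=>0xd64d6af1 <0x405d2a04
Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136
Apr 25 12:13:04 2012 VPN Log (g2gips1) #2135: received Delete SA(0xb68751cd) payload: deleting IPSEC State #2136
Apr 25 12:13:09 2012 VPN Log (g2gips1) #2139: IPsec SA established {ESP=>0xe4427e59 <0x3a8e85e2
"""

LINE = re.compile(
    r"^(\w{3} +\d+ \d{2}:\d{2}:\d{2} \d{4}) VPN Log \((\S+)\) #(\d+): (.*)$"
)
ESTABLISHED = re.compile(
    r"IPsec SA established \{ESP=>0x([0-9a-fA-F]+) <0x([0-9a-fA-F]+)"
)
DELETE = re.compile(
    r"received Delete SA\(0x([0-9a-fA-F]+)\) payload: deleting IPSEC State #(\d+)"
)
LIFETIME_IGNORED = "ignoring informational payload, type IPSEC_RESPONDER_LIFETIME"


def analyze(log_text):
    """Correlate peer-sent Delete SA payloads with established IPsec SAs.

    Returns a dict with:
      peer_deleted            [(state, spi, seconds_alive or None), ...]
      live                    states still up at the end of the log
      lifetime_notify_ignored states whose RESPONDER_LIFETIME notify was ignored
    """
    sas = {}            # state number -> SA record
    peer_deleted = []
    ignored = []
    prev = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == prev:   # drop blank and back-to-back duplicates
            continue
        prev = line
        m = LINE.match(line)
        if not m:                      # system log entries, "packet from" lines
            continue
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        state, msg = int(m.group(3)), m.group(4)

        est = ESTABLISHED.search(msg)
        if est:
            # SPIs are compared as integers: the log prints the same value
            # both with and without a leading zero in different entries.
            sas[state] = {
                "conn": m.group(2),
                "out": int(est.group(1), 16),
                "in": int(est.group(2), 16),
                "up": ts,
                "deleted": False,
            }
            continue

        dele = DELETE.search(msg)
        if dele:
            spi, target = int(dele.group(1), 16), int(dele.group(2))
            sa = sas.get(target)
            age = None                 # None: SA was set up before this excerpt
            if sa and spi in (sa["out"], sa["in"]):
                age = (ts - sa["up"]).total_seconds()
                sa["deleted"] = True
            peer_deleted.append((target, spi, age))
            continue

        if LIFETIME_IGNORED in msg and state not in ignored:
            ignored.append(state)

    live = [s for s, sa in sas.items() if not sa["deleted"]]
    return {
        "peer_deleted": peer_deleted,
        "live": live,
        "lifetime_notify_ignored": ignored,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for state, spi, age in report["peer_deleted"]:
        print(f"state #{state} SPI 0x{spi:08x} deleted by peer after {age} s")
    print("still up:", report["live"])
    print("responder lifetime ignored for:", report["lifetime_notify_ignored"])
```
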

james.blish
Level 1

Hello Randy,

Current status of the tunnel is up. During the day people get very upset if it's down for more than 5 minutes.

I will remove the lifetime associated with transfer rates tonight and see if that helps any.

Hello Randy,

I am getting the same kind of result after removing the lifetime for bytes.

19:18 was when I removed the lifetime.

The tunnel collapse happened at about 02:50.

(From ASA)

4   IKE Peer:
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2

show crypto ipsec sa
again no information associated with the tunnel

(From RV)
Apr 25 19:18:10 2012 VPN Log (g2gips0) #2158: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 25 19:18:10 2012 VPN Log (g2gips0) #2158: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 25 19:19:20 2012 VPN Log (g2gips0) #2158: max number of retransmissions (2) reached STATE_MAIN_R2 
Apr 25 19:19:20 2012 VPN Log (g2gips0) #2158: max number of retransmissions (2) reached STATE_MAIN_R2 
Apr 26 02:52:47 2012 System Log HTTP Basic authentication success for user: admin 
Apr 26 03:03:59 2012 VPN Log (g2gips1): terminating SAs using this connection 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2155: deleting state (STATE_QUICK_I2) 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2154: deleting state (STATE_MAIN_I4) 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: initiating Main Mode 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 2nd packet 
Apr 26 03:03:59 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator send Main Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [73e2f21aa703240dbf2899e6342d5019] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [73e2f21aa703240dbf2899e6342d5019] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] <<< Initiator Received Main Mode 4th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Send Main Mode 5th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] >>> Initiator Receive Main Mode 6th packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: Peer ID is ID_IPV4_ADDR: '
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2159: ISAKMP SA established 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: initiating Quick Mode PSK+ENCRYPT+TUNNEL {using isakmp#2159} 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator send Quick Mode 1st packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] <<< Initiator Received Quick Mode 2nd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Inbound SPI value = 49fb7769 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Inbound SPI value = 49fb7769 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Outbound SPI value = de0c34e 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Outbound SPI value = de0c34e 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] >>> Initiator Send Quick Mode 3rd packet 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:00 2012 VPN Log (g2gips1) #2160: sent QI2, IPsec SA established {ESP=>0x0de0c34e <0x49fb7769 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 
Apr 26 03:04:05 2012 VPN Log packet from :500: received Vendor ID payload [RFC 3947] 
Apr 26 03:04:05 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:04:05 2012 VPN Log packet from :500: ignoring Vendor ID payload [4048b7d56ebce88525e7de7f00d6c2d3c0000000] 
Apr 26 03:04:05 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log packet from :500: [Tunnel Negotiation Info] <<< Responder Received Main Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: responding to Main Mode 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_AES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_IDEA_CBC is not enabled for this connection. Attribute OAKLEY_HASH_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: OAKLEY_DES_CBC is not enabled for this connection. Attribute OAKLEY_ENCRYPTION_ALGORITHM 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco-Unity] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [XAUTH] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [e1a78b672bb02bdb0be76dea8648fbd9] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [e1a78b672bb02bdb0be76dea8648fbd9] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring Vendor ID payload [Cisco VPN 3000 Series] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder send Main Mode 4th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: received Vendor ID payload [Dead Peer Detection] 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Main Mode 5th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: Peer ID is ID_IPV4_ADDR: '
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] >>> Responder Send Main Mode 6th packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] Main Mode Phase 1 SA Established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: sent MR3, ISAKMP SA established 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: ignoring informational payload, type IPSEC_INITIAL_CONTACT 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2161: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 1st packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: esp_ealg_id=3-3,esp_ealg_keylen=0, key_len=192,esp_aalg_id=1-1. 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: responding to Quick Mode 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Inbound SPI value = 529a5ff9 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Inbound SPI value = 529a5ff9 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Outbound SPI value = eb9e4a76 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Outbound SPI value = eb9e4a76 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] >>> Responder send Quick Mode 2nd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] <<< Responder Received Quick Mode 3rd packet 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: [Tunnel Negotiation Info] Quick Mode Phase 2 SA Established, IPSec Tunnel Connected 
Apr 26 03:04:05 2012 VPN Log (g2gips1) #2162: IPsec SA established {ESP=>0xeb9e4a76 <0x529a5ff9 

The final solution to this was to take the router to factory defaults again and rebuild the VPN tunnels. I am not sure what could be kept as a flag on the RV082, but a factory reset was really the solution.