04-03-2015 01:33 AM
04-03-2015 02:15 AM
and the RV320 is still sending me
Apr 3 11:46:08 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Established] ISAKMP SA established
Apr 3 11:46:34 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xbe275da3) not found (maybe expired)
Apr 3 12:09:02 2015 globalomax VPN Log: [g2gips2] #365: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x6ab287ba < 0xca70c778}
Apr 3 12:09:02 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xd2c697fd) not found (maybe expired)
Apr 3 12:12:34 2015 globalomax ALLOW UDP 91.196.8.139:500 -> 95.51.168.122:500 on eth2
04-14-2015 01:45 PM
I have the same problem, but with a RV325 and three RV320.
Everything was working fine and then today, started getting this error. Did you find a solution for this?
04-14-2015 02:06 PM
I hate to say "me too", but I'm also having the same problem. Firmware v1.1.1.19. Two RV320s and one RV325. Using NAT (NAT Traversal turned on).
When this error occurs dead peer detection doesn't seem to catch it, both sides show the tunnel as up (but it's not working) and the only fix is to re-connect the tunnel manually.
Sometimes just pinging the "dead" tunnel causes the units to reboot. The system log is useless unless you count helpful messages like "Kernel : protocol 0800 is buggy, dev eth0" repeated over and over.
It's very frustrating, I'm about ready to give up these devices.
04-16-2015 10:13 PM
I found an answer.
The message is informational in nature and is not the cause of any problems. The routers run Linux and use the open source codebase....
"When an IPsec SA is about to expire *swan sends a delete SA notification
to the peer. Since the same IPsec SA is also about to expire on the
peer side, often the peer is a little faster and has already deleted
the IPsec SA itself. Thus when the delete SA message arrives, the IPsec SA
doesn't exist anymore and the warning below is issued in the log.
If you want to study the SA renewal and deletion mechanism in detail
you can do this by activating the following debug option
ipsec whack --debug-lifecycle"
https://lists.openswan.org/pipermail/users/2004-September/002128.html
In my case, the ISP is Comcast and they were filtering UDP packets, causing the issue. A call to their business tech support and an explanation of our need to use an IPSEC VPN tunnel which uses UDP resolved the problem.
The Cisco VPN routers (RV325 & RV320) work great and I haven't had any problems since. There is excellent tech support from Cisco, you just have to follow their procedures and register the serial numbers of your devices. They helped me even without a service contract, but I purchased one anyway. It's only $56 for a 3 year support agreement at CDW.
Hope that helps.
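An added example, not part of the posts above and not Cisco's or Openswan's code: a triage script for logs in the format pasted earlier in the thread, which labels each "ignoring Delete SA payload" entry by whether the same tunnel established an SA close to it, as the quoted explanation predicts. The host name, tunnel name, SPIs and addresses in the sample are constructed, and the 60-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format posted above, run together as in the paste.
SAMPLE = (
    "Apr 3 11:46:08 2015 rv320 VPN Log: [site-b] #364: [Tunnel Established] ISAKMP SA established "
    "Apr 3 11:46:34 2015 rv320 VPN Log: [site-b] #364: [Tunnel Authorize Fail] ignoring Delete SA "
    "payload: PROTO_IPSEC_ESP SA(0x11111111) not found (maybe expired) "
    "Apr 3 12:09:02 2015 rv320 VPN Log: [site-b] #365: [Tunnel Established] sent QI2, IPsec SA "
    "established {ESP=>0x22222222 < 0x33333333} "
    "Apr 3 12:09:02 2015 rv320 VPN Log: [site-b] #364: [Tunnel Authorize Fail] ignoring Delete SA "
    "payload: PROTO_IPSEC_ESP SA(0x44444444) not found (maybe expired) "
    "Apr 3 12:12:34 2015 rv320 ALLOW UDP 192.0.2.10:500 -> 198.51.100.20:500 on eth2 "
    "Apr 3 14:30:00 2015 rv320 VPN Log: [site-b] #365: [Tunnel Authorize Fail] ignoring Delete SA "
    "payload: PROTO_IPSEC_ESP SA(0x55555555) not found (maybe expired)"
)

STAMP = r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}"
ENTRY = re.compile(rf"({STAMP}) \S+ VPN Log: \[([^\]]+)\] #(\d+): \[([^\]]+)\] (.*)", re.S)
DELETE = re.compile(r"ignoring Delete SA payload: \S+ SA\((0x[0-9a-fA-F]+)\) not found")

def parse(text):
    """Split on timestamps and keep only VPN Log entries (firewall lines are skipped)."""
    events = []
    for chunk in re.split(rf"(?={STAMP} )", text):
        m = ENTRY.match(chunk.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
            events.append({"ts": ts, "tunnel": m.group(2), "conn": int(m.group(3)),
                           "tag": m.group(4), "msg": m.group(5)})
    return events

def triage(text, window=timedelta(seconds=60)):
    """Label each ignored Delete SA by whether the same tunnel (re)established nearby."""
    events = parse(text)
    ups = [e for e in events if e["tag"] == "Tunnel Established"]
    report = []
    for e in events:
        hit = DELETE.search(e["msg"])
        if hit:
            near = any(u["tunnel"] == e["tunnel"] and abs(e["ts"] - u["ts"]) <= window for u in ups)
            verdict = "rekey race, informational" if near else "no rekey nearby, review"
            report.append((e["ts"].strftime("%H:%M:%S"), e["tunnel"], hit.group(1), verdict))
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```

A "review" verdict only means the message did not coincide with a logged SA establishment; it does not by itself show that the tunnel stopped passing traffic.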
04-16-2015 10:15 PM
p.s. a 3 year support contract is only $56 from CDW...