
RV320 VPN Connection - ignoring Delete SA payload: PROTO_IPSEC_ESP SA

I have an RV320 (Serial Number: NKS17161863 Firmware Version: v1.1.1.19 (2014-12-01, 12:38:04))
and two RV130s:
RV130 #1 
System Name: router8E6AAF
Firmware Version:
Serial Number: CCQ18391LCX
RV130 # 2
System Name: router8E6A58
Firmware Version:
Serial Number: CCQ18391LC4
The VPN server is the RV320 and the setting is
The settings on the RV130s are:
And the log is sending me errors:
2015-04-03, 11:10:19 VPN Log [g2gips2] #361: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0xd2c697fd < 0xc996e19a}
2015-04-03, 11:12:34 VPN Log [g2gips0] #362: [Tunnel Established] ISAKMP SA established
2015-04-03, 11:26:04 ALLOW UDP -> on eth2
2015-04-03, 11:26:04 VPN Log [g2gips0] #363: [Tunnel Established] IPsec SA established {ESP=>0x33533382 < 0xc3fbe46e}
2015-04-03, 11:26:04 VPN Log [g2gips0] #362: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x96a8668e) not found (maybe expired)
I think the last record is the problem. Can you help me?

And the RV320 is still sending me:

Apr  3 11:46:08 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Established] ISAKMP SA established

Apr  3 11:46:34 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xbe275da3) not found (maybe expired)

Apr  3 12:09:02 2015 globalomax VPN Log: [g2gips2] #365: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x6ab287ba < 0xca70c778}

Apr  3 12:09:02 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xd2c697fd) not found (maybe expired)

Apr  3 12:12:34 2015 globalomax ALLOW UDP -> on eth2

I have the same problem, but with a RV325 and three RV320.

Everything was working fine and then today, started getting this error. Did you find a solution for this?


I hate to say "me too", but I'm also having the same problem. Firmware v1.1.1.19. Two RV320s and one RV325. Using NAT (NAT Traversal turned on).

When this error occurs, dead peer detection doesn't seem to catch it; both sides show the tunnel as up (but it's not working) and the only fix is to re-connect the tunnel manually.

Sometimes just pinging the "dead" tunnel causes the units to reboot. The system log is useless unless you count helpful messages like "Kernel : protocol 0800 is buggy, dev eth0" repeated over and over.

It's very frustrating; I'm about ready to give up on these devices.


I found an answer.


The message is informational in nature and is not the cause of any problems. The routers run Linux and use the open source codebase....


"When an IPsec SA is about to expire *swan sends a delete SA notification
to the peer. Since the same IPsec SA is also about to expire on the
peer side, often the peer is a little faster and has already deleted
the IPsec SA itself. Thus when the delete SA message arrives, the IPsec SA
doesn't exist anymore and the warning below is issued in the log.

If you want to study the SA renewal and deletion mechanism in detail
you can do this by activating the following debug option

   ipsec whack --debug-lifecycle"


In my case, the ISP is Comcast and they were filtering UDP packets, causing the issue. A call to their business tech support and an explanation of our need to use an IPSEC VPN tunnel which uses UDP resolved the problem.

The Cisco VPN routers (RV325 & RV320) work great and I haven't had any problems since. There is excellent tech support from Cisco, you just have to follow their procedures and register the serial numbers of your devices. They helped me even without a service contract, but I purchased one anyway. It's only $56 for a 3 year support agreement at CDW.

Hope that helps.


p.s. a 3 year support contract is only $56 from CDW...
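
The rekey race described in the quoted explanation can be checked against the logs in this thread. The following is an added example, not part of any post and not Cisco or *swan code: it reads log lines copied from the first post (treated here as one stream, which is an assumption) and, for each "ignoring Delete SA payload" line, reports whether that SPI was logged earlier as established on the same tunnel and which other SA the tunnel holds. The function and field names are made up for the example.

```python
import re

# Log lines copied from the first post above; both timestamp formats appear there.
SAMPLE_LOG = """\
2015-04-03, 11:10:19 VPN Log [g2gips2] #361: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0xd2c697fd < 0xc996e19a}
2015-04-03, 11:26:04 VPN Log [g2gips0] #363: [Tunnel Established] IPsec SA established {ESP=>0x33533382 < 0xc3fbe46e}
2015-04-03, 11:26:04 VPN Log [g2gips0] #362: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x96a8668e) not found (maybe expired)
Apr  3 11:46:34 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xbe275da3) not found (maybe expired)
Apr  3 12:09:02 2015 globalomax VPN Log: [g2gips2] #365: [Tunnel Established] sent QI2, IPsec SA established {ESP=>0x6ab287ba < 0xca70c778}
Apr  3 12:09:02 2015 globalomax VPN Log: [g2gips2] #364: [Tunnel Authorize Fail] ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xd2c697fd) not found (maybe expired)
"""

# The tunnel name and state number precede the message in both log formats.
PREFIX = r"\[(?P<tunnel>\w+)\] #\d+: .*"
ESTABLISHED = re.compile(
    PREFIX + r"IPsec SA established \{ESP=>(?P<a>0x[0-9a-f]+) < ?(?P<b>0x[0-9a-f]+)\}")
IGNORED = re.compile(
    PREFIX + r"ignoring Delete SA payload: PROTO_IPSEC_ESP SA\((?P<spi>0x[0-9a-f]+)\) not found")

def correlate_deletes(log_text):
    """Return one record per ignored Delete SA line, in log order."""
    established = {}  # tunnel -> SPI pairs seen so far, oldest first
    findings = []
    for line in log_text.splitlines():
        m = ESTABLISHED.search(line)
        if m:
            established.setdefault(m["tunnel"], []).append((m["a"], m["b"]))
            continue
        m = IGNORED.search(line)
        if not m:
            continue
        pairs = established.get(m["tunnel"], [])
        findings.append({
            "tunnel": m["tunnel"],
            "spi": m["spi"],
            # True: the deleted SA was logged as established earlier on this tunnel.
            "seen_established": any(m["spi"] in p for p in pairs),
            # Newest SA on the tunnel that is not the one named in the Delete.
            "other_sa": next((p[0] for p in reversed(pairs) if m["spi"] not in p), None),
        })
    return findings

if __name__ == "__main__":
    for finding in correlate_deletes(SAMPLE_LOG):
        print(finding)
```

On these lines, the Delete for 0xd2c697fd arrives in the same second that its replacement 0x6ab287ba is established on g2gips2, which is the harmless case the quoted explanation describes. A record with `other_sa` of `None` would mean the log shows no other SA for that tunnel and is worth a closer look.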