Re: VPN peer sending multiple Phase 1 requests

Craddockc · ‎05-07-2018

Community,

I am noticing a partner (50.x.y.30) is sending multiple Phase 1 Requests to our VPN router (64.w.z.111) but cannot figure out why. Any idea what would cause this or how to fix it? All of our other VPN peers only show 1 Phase 1 setup.

I believe they are using a Sophos UTM on their side, we are using a Cisco 2911 on our side.

IPv4 Crypto ISAKMP SA
dst src state conn-id status
50.x.y.30 64.w.z.111 MM_NO_STATE 0 ACTIVE
50.x.y.30 64.w.z.111 MM_NO_STATE 0 ACTIVE (deleted)
64.w.z.111 50.x.y.30 MM_NO_STATE 0 ACTIVE (deleted)

Thanks.

GioGonza · ‎05-07-2018

Hello @Craddockc,

The log you provided means they are trying to setup the VPN tunnel but they are unable to do it, you see 2 attempts is because the "refresh" for the Router is a little bit slow and that´s why you see 2 but htere is no worries since the second one is deleted and it takes a while to dissapear:

dst src state conn-id status
50.x.y.30 64.w.z.111 MM_NO_STATE 0 ACTIVE
50.x.y.30 64.w.z.111 MM_NO_STATE 0 ACTIVE (deleted) --> No longer negotiating
64.w.z.111 50.x.y.30 MM_NO_STATE 0 ACTIVE (deleted) --> No longer negotiating

HTH

Gio

Craddockc · ‎05-07-2018

Gio,

Thank you very much for your replies. The VPN tunnel is back up, however my router is still showing multiple Phase 1 connections to the peer as well as one that is continually trying but failing. Is this something on the partner end that could be causing this? Multiple profiles or similar? I would like just one active Phase 1 connection.

Thanks.

IPv4 Crypto ISAKMP SA
dst src state conn-id status
50.x.y.30 64.w.z.111 QM_IDLE 8014 ACTIVE
64.w.z.111 50.x.y.30 MM_NO_STATE 0 ACTIVE (deleted)
64.w.z.111 50.x.y.30 QM_IDLE 8013 ACTIVE

dst src state conn-id status
50.x.y.30 64.w.z.111 QM_IDLE 8014 ACTIVE
64.w.z.111 50.x.y.30 MM_SA_SETUP 0 ACTIVE
64.w.z.111 50.x.y.30 QM_IDLE 8013 ACTIVE