cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

607
Views
50
Helpful
8
Replies
Participant

Why IPSec is working one day ?

Hi all,

I would like to ask about Gre over IPsec Tunnel.I got the IPsec is working in one day issue.it is so strange for me.

If i create new tunnel and initiate each other and work properly.But next day ( arroung 15 hours) tunnel is down and never come up.it is always show Phase one problem.it is always show phase 1 problem.But i confuse why this error didn't show when i deployed.This error show in next day and tunnel is never come up later.

i always see as below error this error mean phaes 1 error ,correct ?

I am using standalone CA.

The policy's acl or ike profile does not match the flow

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Advocate

Re: Why IPSec is working one day ?

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
8 REPLIES 8
VIP Advisor

Re: Why IPSec is working one day ?

post debug crypto isa from both sides.
VIP Advocate

Re: Why IPSec is working one day ?

Hi,

We need complete debug output and configuration to understand the better. 

 

There are some misleading details in the questions as Is it IPSec connection or SSL?

Spoiler
I am using standalone CA.

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Participant

Re: Why IPSec is working one day ?

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Everyone's tags (4)
Participant

Re: Why IPSec is working one day ?

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Everyone's tags (4)
VIP Advocate

Re: Why IPSec is working one day ?

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Participant

Re: Why IPSec is working one day ?

Hi ,
I am using certificate .but do you mean it public key or certificate ? Certificate mean Root cert or router cert ?
Highlighted
VIP Advocate

Re: Why IPSec is working one day ?

HI,
Both certificates.
Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Participant

Re: Why IPSec is working one day ?

Hi,

I solved now. I upgrade the firmware . it is ok .

Everyone's tags (1)