cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
417
Views
10
Helpful
8
Replies
Beginner

Why IPSec is working one day ?

Hi all,

I would like to ask about Gre over IPsec Tunnel.I got the IPsec is working in one day issue.it is so strange for me.

If i create new tunnel and initiate each other and work properly.But next day ( arroung 15 hours) tunnel is down and never come up.it is always show Phase one problem.it is always show phase 1 problem.But i confuse why this error didn't show when i deployed.This error show in next day and tunnel is never come up later.

i always see as below error this error mean phaes 1 error ,correct ?

I am using standalone CA.

The policy's acl or ike profile does not match the flow

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Engager

Re: Why IPSec is working one day ?

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Resume duty after a long holiday
8 REPLIES 8
VIP Advisor

Re: Why IPSec is working one day ?

post debug crypto isa from both sides.
VIP Engager

Re: Why IPSec is working one day ?

Hi,

We need complete debug output and configuration to understand the better. 

 

There are some misleading details in the questions as Is it IPSec connection or SSL?

Spoiler
I am using standalone CA.

 

 

Regards,
Deepak Kumar,
Resume duty after a long holiday
Beginner

Re: Why IPSec is working one day ?

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Everyone's tags (4)
Beginner

Re: Why IPSec is working one day ?

Hi,

Please see below attachment of debugging log.

I saw "Failed to construct certificate request payload " .Let me know it is this issue ?

Everyone's tags (4)
VIP Engager

Re: Why IPSec is working one day ?

Hi,

As it is using RSA KEY and I found below error messages:

 

Failed to construct certificate request payload.
*Jun 20 14:57:05:289 2019 Branch_R1 IKE/7/ERROR: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Failed to negotiate IKE SA.
!
*Jun 20 14:57:05:265 2019 Branch_R1 IKE/7/EVENT: vrf = 0, src=192.168.1.100, dst = 192.168.1.2/500
Pre-shared key matching address 192.168.1.2 not found

Please share your configuration and check the RSA keys as certificate and ROOT.

 

Regards,

Deepak Kumar 

Regards,
Deepak Kumar,
Resume duty after a long holiday
Beginner

Re: Why IPSec is working one day ?

Hi ,
I am using certificate .but do you mean it public key or certificate ? Certificate mean Root cert or router cert ?
VIP Engager

Re: Why IPSec is working one day ?

HI,
Both certificates.
Regards,
Deepak Kumar,
Resume duty after a long holiday
Highlighted
Beginner

Re: Why IPSec is working one day ?

Hi,

I solved now. I upgrade the firmware . it is ok .

Everyone's tags (1)