Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6064
Views
0
Helpful
1
Replies

cisco client vpn error

lkadlik
Level 4
Level 4

‎08-05-2010 10:09 AM

It looks like when the client tries to renegiate the key it cant.  Below are the logs.  Any help would be appreciated.  There are two cisco clients being used. One on a mac (4.9.01.0180) and one on a windows xp system ( 5.0.06.0160). When it happens it looks like you are still connected but traffic stops passing thru the connection.   Thank you.

195    16:33:39.327  08/04/10  Sev=Info/4    IPSEC/0x6370000E
Key with outbound SPI=0x264e2595 is about to expire, requesting a new one

196    16:33:39.327  08/04/10  Sev=Info/4    IPSEC/0x6370000B
Key requested

197    16:33:39.327  08/04/10  Sev=Info/4    IKE/0x63000056
Received a key request from Driver: Local IP = 192.168.6.145, GW IP = 68.171.143.130, Remote IP = 0.0.0.0

198    16:33:39.327  08/04/10  Sev=Info/4    IKE/0x63000051
Initiating IKE Phase 2 (MsgID=1406F8AD)
Initiator = ID=192.168.6.145 Protocol=0 port=0, Responder = ID=0.0.0.0/0.0.0.0 Protocol=0 port=0

199    16:33:39.327  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(HASH, SA, NON, ID, ID) to 68.171.143.130

200    16:33:44.327  08/04/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!

201    16:33:44.327  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to 68.171.143.130

202    16:33:49.327  08/04/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!

203    16:33:49.327  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to 68.171.143.130

204    16:33:54.327  08/04/10  Sev=Info/4    IKE/0x63000021
Retransmitting last packet!

205    16:33:54.327  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK QM *(Retransmission) to 68.171.143.130

206    16:33:59.826  08/04/10  Sev=Info/4    IKE/0x6300002D
Phase-2 retransmission count exceeded: MsgID=1406F8AD

207    16:33:59.826  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

208    16:33:59.826  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726723

209    16:33:59.826  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 68.171.143.130

210    16:33:59.826  08/04/10  Sev=Info/4    IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=1406F8AD

211    16:34:04.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

212    16:34:04.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726724

213    16:34:09.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

214    16:34:09.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726725

215    16:34:14.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

216    16:34:14.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726726

217    16:34:19.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

218    16:34:19.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726727

219    16:34:24.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

220    16:34:24.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726728

221    16:34:29.998  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

222    16:34:29.998  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726729

223    16:34:35.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

224    16:34:35.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726730

225    16:34:40.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

226    16:34:40.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726731

227    16:34:45.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

228    16:34:45.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726732

229    16:34:50.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

230    16:34:50.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726733

231    16:34:55.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

232    16:34:55.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726734

233    16:35:00.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

234    16:35:00.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726735

235    16:35:05.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

236    16:35:05.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726736

237    16:35:10.497  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

238    16:35:10.497  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726737

239    16:35:15.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

240    16:35:15.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726738

241    16:35:20.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

242    16:35:20.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726739

243    16:35:25.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

244    16:35:25.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726740

245    16:35:30.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

246    16:35:30.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726741

247    16:35:35.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

248    16:35:35.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726742

249    16:35:40.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

250    16:35:40.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726743

251    16:35:45.996  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

252    16:35:45.996  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726744

253    16:35:51.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

254    16:35:51.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726745

255    16:35:56.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

256    16:35:56.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726746

257    16:36:01.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

258    16:36:01.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726747

259    16:36:06.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

260    16:36:06.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726748

261    16:36:11.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

262    16:36:11.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726749

263    16:36:16.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

264    16:36:16.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726750

265    16:36:21.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

266    16:36:21.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726751

267    16:36:26.495  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

268    16:36:26.495  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726752

269    16:36:31.994  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

270    16:36:31.994  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726753

271    16:36:36.994  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

272    16:36:36.994  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726754

273    16:36:41.994  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

274    16:36:41.994  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726755

275    16:36:46.994  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

276    16:36:46.994  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726756

277    16:36:52.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

278    16:36:52.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726757

279    16:36:57.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

280    16:36:57.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726758

281    16:37:02.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

282    16:37:02.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726759

283    16:37:07.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

284    16:37:07.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726760

285    16:37:12.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

286    16:37:12.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726761

287    16:37:17.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

288    16:37:17.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726762

289    16:37:22.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

290    16:37:22.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726763

291    16:37:27.056  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

292    16:37:27.056  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726764

293    16:37:32.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

294    16:37:32.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726765

295    16:37:37.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

296    16:37:37.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726766

297    16:37:42.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

298    16:37:42.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726767

299    16:37:47.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

300    16:37:47.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726768

301    16:37:52.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

302    16:37:52.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726769

303    16:37:57.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

304    16:37:57.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726770

305    16:38:02.555  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

306    16:38:02.555  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726771

307    16:38:08.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

308    16:38:08.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726772

309    16:38:13.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

310    16:38:13.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726773

311    16:38:18.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

312    16:38:18.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726774

313    16:38:23.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

314    16:38:23.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726775

315    16:38:28.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

316    16:38:28.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726776

317    16:38:33.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

318    16:38:33.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726777

319    16:38:38.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

320    16:38:38.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726778

321    16:38:43.054  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

322    16:38:43.054  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726779

323    16:38:48.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

324    16:38:48.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726780

325    16:38:53.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

326    16:38:53.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726781

327    16:38:58.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

328    16:38:58.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726782

329    16:39:03.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

330    16:39:03.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726783

331    16:39:08.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

332    16:39:08.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726784

333    16:39:13.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

334    16:39:13.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726785

335    16:39:18.287  08/04/10  Sev=Info/4    PPP/0x63200015
Processing enumerate phone book entries command

336    16:39:18.303  08/04/10  Sev=Info/4    PPP/0x6320000D
Retrieved 0 dial entries

337    16:39:18.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

338    16:39:18.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726786

339    16:39:23.553  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

340    16:39:23.553  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726787

341    16:39:29.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

342    16:39:29.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726788

343    16:39:34.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

344    16:39:34.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726789

345    16:39:39.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

346    16:39:39.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726790

347    16:39:44.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

348    16:39:44.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726791

349    16:39:49.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

350    16:39:49.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726792

351    16:39:54.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

352    16:39:54.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726793

353    16:39:59.052  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

354    16:39:59.052  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726794

355    16:40:04.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

356    16:40:04.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726795

357    16:40:09.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

358    16:40:09.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726796

359    16:40:14.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

360    16:40:14.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726797

361    16:40:19.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

362    16:40:19.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726798

363    16:40:24.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

364    16:40:24.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726799

365    16:40:29.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

366    16:40:29.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726800

367    16:40:34.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

368    16:40:34.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726801

369    16:40:39.551  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

370    16:40:39.551  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726802

371    16:40:45.050  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

372    16:40:45.050  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726803

373    16:40:50.050  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to 68.171.143.130

374    16:40:50.050  08/04/10  Sev=Info/6    IKE/0x6300003D
Sending DPD request to 68.171.143.130, our seq# = 2692726804

375    16:40:51.363  08/04/10  Sev=Info/6    GUI/0x63B0000D
Disconnecting VPN connection.

376    16:40:51.363  08/04/10  Sev=Info/4    CM/0x6310000A
Secure connections terminated

377    16:40:51.363  08/04/10  Sev=Info/4    IKE/0x63000001
IKE received signal to terminate VPN connection

378    16:40:51.363  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 68.171.143.130

379    16:40:51.363  08/04/10  Sev=Info/5    IKE/0x63000018
Deleting IPsec SA: (OUTBOUND SPI = 95254E26 INBOUND SPI = 158FAD54)

380    16:40:51.363  08/04/10  Sev=Info/4    IKE/0x63000049
Discarding IPsec SA negotiation, MsgID=DAF22250

381    16:40:51.363  08/04/10  Sev=Info/4    IKE/0x63000017
Marking IKE SA for deletion  (I_Cookie=09529039E93C10E1 R_Cookie=76D8E425C4C2BDAB) reason = DEL_REASON_RESET_SADB

382    16:40:51.363  08/04/10  Sev=Info/4    IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to 68.171.143.130

383    16:40:51.378  08/04/10  Sev=Info/5    CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0      192.168.13.1    192.168.13.133       20
68.171.143.130   255.255.255.255      192.168.13.1    192.168.13.133        1
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1        1
    192.168.5.0     255.255.255.0     192.168.6.145     192.168.6.145        1
    192.168.6.0     255.255.255.0     192.168.6.145     192.168.6.145       20
  192.168.6.145   255.255.255.255         127.0.0.1         127.0.0.1       20
  192.168.6.255   255.255.255.255     192.168.6.145     192.168.6.145       20
   192.168.13.0     255.255.255.0    192.168.13.133    192.168.13.133       20
  192.168.13.14   255.255.255.255    192.168.13.133    192.168.13.133        1
192.168.13.133   255.255.255.255         127.0.0.1         127.0.0.1       20
192.168.13.255   255.255.255.255    192.168.13.133    192.168.13.133       20
   192.168.20.0     255.255.255.0     192.168.6.145     192.168.6.145        1
      224.0.0.0         240.0.0.0     192.168.6.145     192.168.6.145       20
      224.0.0.0         240.0.0.0    192.168.13.133    192.168.13.133       20
255.255.255.255   255.255.255.255     192.168.6.145     192.168.6.145        1
255.255.255.255   255.255.255.255    192.168.13.133    192.168.13.133        1


384    16:40:51.378  08/04/10  Sev=Info/6    CM/0x63100037
The routing table was returned to original state prior to Virtual Adapter

385    16:40:52.082  08/04/10  Sev=Info/5    CVPND/0x63400013
    Destination           Netmask           Gateway         Interface   Metric
        0.0.0.0           0.0.0.0      192.168.13.1    192.168.13.133       20
      127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1        1
   192.168.13.0     255.255.255.0    192.168.13.133    192.168.13.133       20
192.168.13.133   255.255.255.255         127.0.0.1         127.0.0.1       20
192.168.13.255   255.255.255.255    192.168.13.133    192.168.13.133       20
      224.0.0.0         240.0.0.0    192.168.13.133    192.168.13.133       20
255.255.255.255   255.255.255.255    192.168.13.133    192.168.13.133        1


386    16:40:52.082  08/04/10  Sev=Info/4    CM/0x63100035
The Virtual Adapter was disabled

387    16:40:52.082  08/04/10  Sev=Info/4    IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=09529039E93C10E1 R_Cookie=76D8E425C4C2BDAB) reason = DEL_REASON_RESET_SADB

388    16:40:52.082  08/04/10  Sev=Info/4    CM/0x63100013
Phase 1 SA deleted cause by DEL_REASON_RESET_SADB.  0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system

389    16:40:52.082  08/04/10  Sev=Info/5    CM/0x63100025
Initializing CVPNDrv

390    16:40:52.097  08/04/10  Sev=Info/6    CM/0x63100031
Tunnel to headend device 68.171.143.130 disconnected: duration: 0 days 6:31:11

391    16:40:52.097  08/04/10  Sev=Info/6    CM/0x63100046
Set tunnel established flag in registry to 0.

392    16:40:52.097  08/04/10  Sev=Info/5    CM/0x63100025
Initializing CVPNDrv

393    16:40:52.097  08/04/10  Sev=Info/6    CM/0x63100046
Set tunnel established flag in registry to 0.

394    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x63700013
Delete internal key with SPI=0x54ad8f15

395    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x6370000C
Key deleted by SPI 0x54ad8f15

396    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x63700013
Delete internal key with SPI=0x264e2595

397    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x6370000C
Key deleted by SPI 0x264e2595

398    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys

399    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys

400    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x6370000A
IPSec driver successfully stopped

401    16:40:52.097  08/04/10  Sev=Info/4    IPSEC/0x63700014
Deleted all keys

===

Labels:
0 Helpful
1 Reply 1

Phillip Remaker
Cisco Employee
Cisco Employee

‎08-17-2010 01:35 PM

This looks like the symptoms of a NAT device in the path timing out a UDP/500 translation entry for IKE based on the fact that the IKE rekey packets are never answered.

Seems like you are not using a NAT-friendly VPN scheme - this looks like classic IPSEC (IP port 50) and IKE (UDP 500).

What is the server?  VPN3000?  IOS?  How is it configured?

In traditional VPN, the UDP/500 channel establishes the connection and conducts rekeying, while IP protocol 50 carries the payload traffic.  If you have a NAT device, the lack of traffic to UDP/500 after establishment may cause NAT devices to time out the mapping although payload continues along uninterrupted.  Subsequent contacts on UDP/500 (during a rekey) fail to connect to the VPN server, resulting in a rekey timeout.

The NAT-friendly "NAT-T" style translation (UDP/4500) or the legacy cTCP VPN scheme avoids this failure mode of keeping a separate channel for the key and transport.  Can you change to use that style VPN?

0 Helpful
Customers Also Viewed These Support Documents