cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
370
Views
0
Helpful
2
Replies

Down negotiating

smithy14975
Level 1
Level 1

 

 

 

I have a tunnel where I have access to both sides.

at 12:32AM May 3rd 2024 the tunnel went down and now will not negotiate.

 

No changes were made

 

THIS IS THE FAR side.  This is peer 63.45.114.46

May 6 08:48:43.038 CDT: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Maximum number of retransmissions reached
*May 6 08:48:43.038 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Failed SA init exchange
*May 6 08:48:43.038 CDT: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):Initial exchange failed: Initial exchange failed
*May 6 08:48:43.039 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Abort exchange
*May 6 08:48:43.040 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Deleting SA
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 24
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Request queued for computation of DH key
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Generating IKE_SA_INIT message
*May 6 08:49:12.428 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 8

This is the NEAR SIDE.  This is peer 129.176.60.120

ay 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Retransmitting packet

May 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Sending Packet [To 63.45.114.46:500/From 129.176.60.120:500/VRF i0:f0]
Initiator SPI : 3C87FE169191C40B - Responder SPI : D00EEA140E72C307 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)

May 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Packet is a retransmission
May 6 08:52:01.422: IKEv2-ERROR:(SESSION ID = 18611085,SA ID = 38):: Failed to receive the AUTH msg before the timer expired
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Auth exchange failed
May 6 08:52:01.422: IKEv2-ERROR:(SESSION ID = 18611085,SA ID = 38):: Auth exchange failed
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Abort exchange
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Deleting SA
May 6 08:52:03.842: IKEv2:(SESSION ID = 18611088,SA ID = 69):Retransmitting packet

May 6 08:52:03.842: IKEv2:(SESSION ID = 18611088,SA ID = 69):Sending Packet [To 63.45.114.46:500/From 129.176.60.120:500/VRF i0:f0]
Initiator SPI : 071A490CBEF2267B - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)

 

2 Replies 2

smithy14975
Level 1
Level 1
 

The auth failed 

Are you sure that both peer use same IP as local and remote identity?

MHM