ā05-06-2024 06:54 AM
I have a tunnel where I have access to both sides.
at 12:32AM May 3rd 2024 the tunnel went down and now will not negotiate.
No changes were made
THIS IS THE FAR side. This is peer 63.45.114.46
May 6 08:48:43.038 CDT: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):: Maximum number of retransmissions reached
*May 6 08:48:43.038 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Failed SA init exchange
*May 6 08:48:43.038 CDT: IKEv2-ERROR:(SESSION ID = 1,SA ID = 1):Initial exchange failed: Initial exchange failed
*May 6 08:48:43.039 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Abort exchange
*May 6 08:48:43.040 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Deleting SA
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):[IKEv2 -> Crypto Engine] Computing DH public key, DH Group 24
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Request queued for computation of DH key
*May 6 08:49:12.427 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):Generating IKE_SA_INIT message
*May 6 08:49:12.428 CDT: IKEv2:(SESSION ID = 1,SA ID = 1):IKE Proposal: 1, SPI size: 0 (initial negotiation),
Num. transforms: 8
This is the NEAR SIDE. This is peer 129.176.60.120
ay 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Retransmitting packet
May 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Sending Packet [To 63.45.114.46:500/From 129.176.60.120:500/VRF i0:f0]
Initiator SPI : 3C87FE169191C40B - Responder SPI : D00EEA140E72C307 Message id: 0
IKEv2 IKE_SA_INIT Exchange RESPONSE
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)
May 6 08:51:59.765: IKEv2:(SESSION ID = 18611085,SA ID = 38):Packet is a retransmission
May 6 08:52:01.422: IKEv2-ERROR:(SESSION ID = 18611085,SA ID = 38):: Failed to receive the AUTH msg before the timer expired
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Auth exchange failed
May 6 08:52:01.422: IKEv2-ERROR:(SESSION ID = 18611085,SA ID = 38):: Auth exchange failed
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Abort exchange
May 6 08:52:01.422: IKEv2:(SESSION ID = 18611085,SA ID = 38):Deleting SA
May 6 08:52:03.842: IKEv2:(SESSION ID = 18611088,SA ID = 69):Retransmitting packet
May 6 08:52:03.842: IKEv2:(SESSION ID = 18611088,SA ID = 69):Sending Packet [To 63.45.114.46:500/From 129.176.60.120:500/VRF i0:f0]
Initiator SPI : 071A490CBEF2267B - Responder SPI : 0000000000000000 Message id: 0
IKEv2 IKE_SA_INIT Exchange REQUEST
Payload contents:
SA KE N VID VID VID VID NOTIFY(NAT_DETECTION_SOURCE_IP) NOTIFY(NAT_DETECTION_DESTINATION_IP)
ā05-06-2024 07:06 AM
ā05-06-2024 10:24 AM
The auth failed
Are you sure that both peer use same IP as local and remote identity?
MHM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide