IPsec problem between Azure and cisco 2900

cipria89 · ‎09-22-2021

Hi, im having problems with a site-to-site between an azure web server and my cisco 2900, wich randomly disconnects with the following debug message :

Sep 22 19:16:32.831: IPSEC:(SESSION ID = 99405) still in use sa: 0x2471925C
Sep 22 19:16:32.831: IPSEC:(SESSION ID = 99405) (key_engine_delete_sas) delete SA with spi 0x343959A4 proto 50 for 186.153.138.2
Sep 22 19:16:32.835: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS
Sep 22 19:16:32.835: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to down

Im debugging ISAKMP, IPSEC and Crypto Engine.

this messages are when the vpn stablishes again

Sep 22 19:18:39.456: IPSEC(ipsec_process_proposal): transform proposal not supported for identity:
{esp-gcm 256 }
Sep 22 19:18:39.456: (ipsec_process_proposal)Map Accepted: Tunnel2-head-0, 65537
Sep 22 19:18:39.464: IPSEC:(SESSION ID = 99417) (create_sa) sa created,
(sa) sa_dest= 186.xxx.xxx.2, sa_proto= 50,
sa_spi= 0xCF2224E9(3475121385),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 4713
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 186.xxx.xxx.2:0, remote= 13.xxx.xxx.238:0,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 0.0.0.0/0.0.0.0/256/0
Sep 22 19:18:39.464: IPSEC:(SESSION ID = 99417) (create_sa) sa created,
(sa) sa_dest= 13.xxx.xxx.238, sa_proto= 50,
sa_spi= 0xE3172E98(3809947288),
sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 4714
sa_lifetime(k/sec)= (4608000/3600),
(identity) local= 186.xxx.xxx.2:0, remote= 13.xxx.xxx.238:0,
local_proxy= 0.0.0.0/0.0.0.0/256/0,
remote_proxy= 0.0.0.0/0.0.0.0/256/0
Sep 22 19:18:39.464: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up

i can't figure out whats wrong with those debug messages, any help would be great.

Thanks