IPSEC VPN tunnel issue: Phase 2 negotiation failed due to time up

ben-bowman · ‎03-07-2014

In our India office we have a Cisco SA520 firewall (public IP 182.72.111.18)

In our California office we have an ASA 5520 firewall (public IP 66.185.167.66)

We have had an IPSEC tunnel up for years and occasionally the tunnel breaks. Here is what I'm seeing on the SA520 log:

Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO: Initiating new phase 2 negotiation: 182.72.111.18[0]<=>66.185.167.66[0]

Fri Mar 07 20:47:37 2014 (GMT +0530): [Cisco] [IKE] INFO: IPsec-SA expired: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=135271603(0x81014b3)

Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO: IPsec-SA established: ESP/Tunnel 66.185.167.66->182.72.111.18 with spi=77516397(0x49ece6d)

Fri Mar 07 20:47:38 2014 (GMT +0530): [Cisco] [IKE] INFO: IPsec-SA established: ESP/Tunnel 182.72.111.18->66.185.167.66 with spi=163242077(0x9bae05d)

Fri Mar 07 20:48:08 2014 (GMT +0530): [Cisco] [IKE] INFO: Purged IPsec-SA with proto_id=ESP and spi=3829319182(0xe43ec60e).

Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] ERROR: Phase 2 negotiation failed due to time up. 0c936dfa799d6715:c1cf3817aa9302a5:c4ec6232

Fri Mar 07 20:48:46 2014 (GMT +0530): [Cisco] [IKE] INFO: an undead schedule has been deleted: 'quick_i1prep'.

What could cause this to happen intermittenly? I would think that a configuration mismatch would cause this to happen all the time.

thanks in advance

Mpolanco · ‎09-30-2022

Did you find the error or the solution?

I have a similar scenario and I would like to know about your case.