Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2780
Views
0
Helpful
17
Replies

problem EASY VPN

Acruzgreg
Level 1
Level 1

‎05-17-2010 03:03 PM

hello,

i have a problem whit mi easy vpn client is down every 10 seconds an appear this this message in debug:

*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1308217119

*Mar 11 08:50:41.345: ISAKMP:(3004):purging SA., sa=83A4B344, delme=83A4B344

regards

Labels:
0 Helpful
17 Replies 17

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-17-2010 03:05 PM

Angel,

Is this an IPsec client software or an ezvpn hardware client?

The connection establishes, but it goes down every 10 seconds, is that it?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1

‎05-17-2010 03:13 PM

Hi,

the ezvpn in configured in router 800 series and it established the conection and I m can ping the private ip address of remote peer

and that this appear in the logg

*Mar 11 10:08:56.877: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

*Mar 11 10:08:57.877: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

*Mar 11 10:08:58.525: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client)  User=XXXXX  Group=XXXXX  Server_public_addr=X.X.X.X NEM_Remote_Subnets=192.168.7.0/255.255.255.0  192.168.7.0/255.255.255.0  192.168.7.0

*Mar 11 10:08:58.533: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

*Mar 11 10:08:59.533: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

regards

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-17-2010 03:15 PM

Seems the interface is flapping and that might be why the VPN tunnel goes down.

Isn't that the problem?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-17-2010 03:57 PM

hi,

I  chequed the ip of the lan inside interfaces and no have a problem its ok

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-17-2010 04:02 PM

Angel,

I asked the question because on the messages that you attached, the interface is going up/down.

Anyway, please explain the following:

You have IPsec VPN client software connecting to the 800?

Or, the 800 are connecting as ezvpn clients to a VPN server?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-17-2010 04:08 PM

the 800 are connecting as ezvpn clients to a VPN server

and the it can comunicate whit the server only that when I pinging at the server this is succesfully when the ezvpn is down lose one packet and continue the ping succesfully

regards

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-17-2010 04:12 PM

Angel,

If I understand correctly, the VPN tunnel establishes but it goes down.

If you PING, then it establishes fine, but again goes down.

Is this the problem?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-17-2010 04:17 PM

this is the debug:

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1424545127

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -1848733477

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 322940248

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -292373508

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 2088837442

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -994368148

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1533463870

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1274754254

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1725567880

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node -1582202546

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 335295199

*Mar 11 08:50:31.345: ISAKMP:(3004):purging node 1354640579

*Mar 11 08:50:33.201: ISAKMP:(3005):purging node 423492054

*Mar 11 08:50:33.233: ISAKMP:(3005):purging node -35547341

*Mar 11 08:50:33.233: ISAKMP:(3005):purging node -678601614

*Mar 11 08:50:33.273: ISAKMP:(3005):purging node 2105251367

*Mar 11 08:50:33.377: ISAKMP:(3005):purging node -236295930

*Mar 11 08:50:33.405: ISAKMP:(3005):purging node 1832706167

*Mar 11 08:50:33.405: ISAKMP:(3005):purging node 622989195

*Mar 11 08:50:33.429: ISAKMP:(3005):purging node 355771240

*Mar 11 08:50:33.429: ISAKMP:(3005):purging node 705069511

*Mar 11 08:50:33.437: ISAKMP:(3005):purging node 2077006263

*Mar 11 08:50:33.481: ISAKMP:(3005):purging node -1464272750

*Mar 11 08:50:33.481: ISAKMP:(3005):purging node -1856382539

*Mar 11 08:50:33.505: ISAKMP:(3005):purging node -556921504

*Mar 11 08:50:33.509: ISAKMP:(3005):purging node -548730233

*Mar 11 08:50:33.529: ISAKMP:(3005):purging node -1217521514

*Mar 11 08:50:33.529: ISAKMP:(3005):purging node -767799163

*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1045693878

*Mar 11 08:50:33.557: ISAKMP:(3005):purging node -1308217119

*Mar 11 08:50:41.345: ISAKMP:(3004):purging SA., sa=83A4B344, delme=83A4B344

*Mar 11 08:50:43.317: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client)  User=usuario  Group=password  Server_public_addr=public_address

*Mar 11 08:50:43.325: ISAKMP: set new node -53475109 to QM_IDLE

*Mar 11 08:50:43.329: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE

*Mar 11 08:50:43.329: ISAKMP:(3005):Sending an IKE IPv4 Packet.

*Mar 11 08:50:43.329: ISAKMP:(3005):purging node -53475109

*Mar 11 08:50:43.329: ISAKMP:(3005):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Mar 11 08:50:43.329: ISAKMP:(3005):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Mar 11 08:50:43.329: ISAKMP: set new node -908125820 to QM_IDLE

*Mar 11 08:50:43.329: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE

*Mar 11 08:50:43.329: ISAKMP:(3005):Sending an IKE IPv4 Packet.

*Mar 11 08:50:43.333: ISAKMP:(3005):purging node -908125820

*Mar 11 08:50:43.333: ISAKMP:(3005):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL

*Mar 11 08:50:43.333: ISAKMP:(3005):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE

*Mar 11 08:50:43.333: ISAKMP:(3005):peer does not do paranoid keepalives.

*Mar 11 08:50:43.333: ISAKMP:(3005):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE       (peer ip_address)

*Mar 11 08:50:43.333: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down

*Mar 11 08:50:43.333: ISAKMP: set new node -1112502632 to QM_IDLE

*Mar 11 08:50:43.333: ISAKMP:(3005): sending packet to (ip_address) my_port 500 peer_port 500 (I) QM_IDLE

*Mar 11 08:50:43.333: ISAKMP:(3005):Sending an IKE IPv4 Packet.

*Mar 11 08:50:43.337: ISAKMP:(3005):purging node -1112502632

*Mar 11 08:50:43.337: ISAKMP:(3005):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL

*Mar 11 08:50:43.337: ISAKMP:(3005):Old State = IKE_P1_COMPLETE  New State = IKE_DEST_SA

*Mar 11 08:50:43.337: ISAKMP:(3005):deleting SA reason "gen_ipsec_isakmp_delete but doi isakmp" state (I) QM_IDLE       (peer ip_address)

*Mar 11 08:50:43.337: ISAKMP:(0):Can't decrement IKE Call Admission Control stat outgoing_active since it's already 0.

*Mar 11 08:50:43.337: ISAKMP: Unlocking peer struct 0x8428F098 for isadb_mark_sa_deleted(), count 0

*Mar 11 08:50:43.337: ISAKMP: Deleting peer node by peer_reap for 200.67.233.238: 8428F098

*Mar 11 08:50:43.337: ISAKMP:(3005):deleting node 1661617387 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 2032741393 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1308849341 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -955006391 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 354578411 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1258842804 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -2102576846 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1200444317 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 75082018 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node -1753974262 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 49047803 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):deleting node 1355123061 error FALSE reason "IKE deleted"

*Mar 11 08:50:43.341: ISAKMP:(3005):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH

*Mar 11 08:50:43.341: ISAKMP:(3005):Old State = IKE_DEST_SA  New State = IKE_DEST_SA

*Mar 11 08:50:44.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down

*Mar 11 08:50:44.637: del_node src (ip_address):500 dst (ip-adreesss):500 fvrf 0x0, ivrf 0x0

*Mar 11 08:50:44.637: ISAKMP:(3005):peer does not do paranoid keepalives.

*Mar 11 08:50:44.637: ISAKMP:(0): SA request profile is (NULL)

*Mar 11 08:50:44.637: ISAKMP: Created a peer struct for (ip_address), peer port 500

*Mar 11 08:50:44.637: ISAKMP: New peer created peer = 0x8428F098 peer_handle = 0x80002A9D

*Mar 11 08:50:44.637: ISAKMP: Locking peer struct 0x8428F098, refcount 1 for isakmp_initiator

*Mar 11 08:50:44.637: ISAKMP:(0):Setting client config settings 83A4C2F4

*Mar 11 08:50:44.637: ISAKMP: local port 500, remote port 500

*Mar 11 08:50:44.637: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 83A4B344

*Mar 11 08:50:44.641: ISAKMP:(0): client mode configured.

*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID

*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-07 ID

*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-03 ID

*Mar 11 08:50:44.641: ISAKMP:(0): constructed NAT-T vendor-02 ID

*Mar 11 08:50:44.641: ISKAMP: growing send buffer from 1024 to 3072

*Mar 11 08:50:44.641: ISAKMP:(0):SA is doing pre-shared key authentication plus XAUTH using id type ID_KEY_ID

*Mar 11 08:50:44.641: ISAKMP (0:0): ID payload

        next-payload : 13

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-17-2010 04:22 PM

What is this interface used for on your scenario:  Virtual-Access2

Check your running-config

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-18-2010 07:48 AM

hi Federico,

In my config of ezvpn is the virtual-interface1

Regards

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-18-2010 08:12 AM

Angel,

Seems the connectivity is getting interrupted.

Can you confirm that Internet continue working fine from both the server and the client sides, when the VPN tunnel goes down?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-18-2010 08:24 AM

Hi Federico

yes the internet is working fine

regards

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to Acruzgreg

‎05-18-2010 08:35 AM

Angel,

Is this the only ezvpn client connecting to the ezvpn servers? Or do you have more clients, in that case are they failing as well?

Federico.

0 Helpful

Acruzgreg
Level 1
Level 1
In response to Acruzgreg

‎05-18-2010 09:01 AM

hi

only one ezvpn client conects to ezvpn server

0 Helpful
Customers Also Viewed These Support Documents