Hi Guys,
Here is some more information:
The syslog lines look like this:
sentry.log.0:Oct 14 06:33:33 ABC.com 6176168: Oct 14 06:33:32 UTC: %CRYPTO-3-QUERY_KEY: Querying key pair failed.
On the 12th ther were a small number of log lines like: (possibly not related)
sentry.log.1.gz:Oct 12 13:31:19 ABC.com 6076104: Oct 12 13:31:18 UTC: %CRYPTO-4-IKMP_NO_SA: IKE message from 99.XX.XX.XX has no SA and is not an initialization offer
There were also other loglines from that device in te last few days: (possibly not related)
$ grep ABC.com sentry*log sentry.log.0 | grep -v %CRYPTO-3-QUERY_KEY
sentry.log:Oct 14 07:08:51 ABC.com 6177602: Oct 14 07:08:50 UTC: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
sentry.log:Oct 14 07:08:51 ABC.com 6177603: ^Idestaddr=216.XX.XX.XX, prot=50, spi=0x54B6515C(1421234524), srcaddr=84.XX.XX.XX
sentry.log:Oct 14 11:18:51 ABC.com 6188903: Oct 14 11:18:51 UTC: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for
sentry.log:Oct 14 11:18:51 ABC.com 6188904: ^Idestaddr=216.XX.XX.XX, prot=50, spi=0x223E0D70(574492016), srcaddr=84.XX.XX.XX
.......
As of now there are this many log lines matching:
$ grep rtbrd2.wlca.descartes.com sentry*log sentry.log.0 | grep %CRYPTO-3-QUERY_KEY | wc -l
22225
$ Date
Wed Oct 14 19:54:33 UTC 2009