cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2782
Views
0
Helpful
1
Replies
Greg Maaaag
Beginner

Site-to-site tunnels go down

Hi everyone!

I have vpn-concentrator on vyatta, 8 cisco 881w and 2 cisco 1941 with vpn site-to-site connected to vyatta. They all are in one ISP's vlan native L2 level.

I user pre-shared key, aes128 and md5 hash.

Traffic goes both sides, everything is okay, i strated cacti monitor of traffic and CPU, started netflow analyzer.

Sometimes one ipsec connection between any of branches go down, it doesn't have any extra CPU load, not more then 20-30%, no huge traffic but somewhy i recieve phone call like "i can't reach server" i check on vyatta - tunnels are down with one router, i do "reset vpn ipsec-peer N" and everything is ok.

I mentioned that when I added "keepalive periodic 10" on ciscos, tunnels started go down more often, for exmaple usually I recieve 1-2 phone calls during a day, whan I added this command, i started to recieve 4-5 phonecalls from branches.

How can I check this? It really drives me crazy beacuse it's always random tunnel down branch, today it was one 1941 and one 881w, yesturday it was 3 881w during all day, I can't figure out what's the problem.

Help me please!!!

1 REPLY 1
Greg Maaaag
Beginner

Today i found one connections down, take debugs from vyatta and cisco:

*Feb 11 06:00:20.589: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 89.104.102.237:500, remote= 89.223.6.92:500,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.10.0/255.255.255.0/256/0,

    protocol= ESP, transform= esp-aes esp-md5-hmac  (Tunnel),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

*Feb 11 06:00:20.649: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Urbana#

*Feb 11 06:00:34.889: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 89.104.102.237:0, remote= 89.223.6.92:0,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.240.0/255.255.255.0/256/0

*Feb 11 06:00:34.889: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 89.104.102.237:500, remote= 89.223.6.92:500,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.240.0/255.255.255.0/256/0,

    protocol= ESP, transform= esp-aes esp-md5-hmac  (Tunnel),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

Urbana#

*Feb 11 06:00:34.953: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Urbana#

*Feb 11 06:00:50.589: IPSEC(key_engine): request timer fired: count = 1,

  (identity) local= 89.104.102.237:0, remote= 89.223.6.92:0,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.10.0/255.255.255.0/256/0

*Feb 11 06:00:50.589: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 89.104.102.237:500, remote= 89.223.6.92:500,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.10.0/255.255.255.0/256/0,

    protocol= ESP, transform= esp-aes esp-md5-hmac  (Tunnel),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

Urbana#

*Feb 11 06:00:50.645: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Urbana#

*Feb 11 06:00:59.313: %CRYPTO-4-IKMP_NO_SA: IKE message from 89.223.6.92 has no SA and is not an initialization offer

Urbana#

*Feb 11 06:01:04.889: IPSEC(key_engine): request timer fired: count = 2,

  (identity) local= 89.104.102.237:0, remote= 89.223.6.92:0,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.240.0/255.255.255.0/256/0

*Feb 11 06:01:04.889: IPSEC(sa_request): ,

  (key eng. msg.) OUTBOUND local= 89.104.102.237:500, remote= 89.223.6.92:500,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.240.0/255.255.255.0/256/0,

    protocol= ESP, transform= esp-aes esp-md5-hmac  (Tunnel),

    lifedur= 3600s and 4608000kb,

    spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0

Urbana#

*Feb 11 06:01:04.957: IPSEC(key_engine): got a queue event with 1 KMI message(s)

Urbana#

*Feb 11 06:01:20.589: IPSEC(key_engine): request timer fired: count = 2,

  (identity) local= 89.104.102.237:0, remote= 89.223.6.92:0,

    local_proxy= 192.168.2.0/255.255.255.0/256/0,

    remote_proxy= 192.168.10.0/255.255.255.0/256/0

Urbana#terminal no monitor

Vyatta:

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15646: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15646: starting keying attempt 182 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15662: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15646 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: ignoring Vendor ID payload [5ded2664d3865ee16a065e1125ff4cec]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===89.223.6.92[89.223.6.92]...89.104.102.237[89.104.102.237]===192.168.2.0/24

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: sending encrypted notification INVALID_ID_INFORMATION to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15663: received Delete SA payload: deleting ISAKMP State #15663

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: ignoring Vendor ID payload [5ded2664b9b6e363945885b47bb439a6]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15665: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15665: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15664: received Delete SA payload: deleting ISAKMP State #15664

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15651: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15651: starting keying attempt 183 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15667: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15651 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: ignoring Vendor ID payload [5ded2664e6c0cdb0cdff98e262a9f540]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===89.223.6.92[89.223.6.92]...89.104.102.237[89.104.102.237]===192.168.2.0/24

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: sending encrypted notification INVALID_ID_INFORMATION to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15669: received Delete SA payload: deleting ISAKMP State #15669

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15654: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15654: starting keying attempt 78 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15670: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15654 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: ignoring Vendor ID payload [5ded2664a8b1d9fa9a7cb3b0d2594b10]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15672: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15672: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15671: received Delete SA payload: deleting ISAKMP State #15671

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15662: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15662: starting keying attempt 183 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15674: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15662 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: ignoring Vendor ID payload [5ded266488199a84d7b10ce8c54943e6]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15676: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15676: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15675: received Delete SA payload: deleting ISAKMP State #15675

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: ignoring Vendor ID payload [5ded26640741d90ad0826d199f025842]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===89.223.6.92[89.223.6.92]...89.104.102.237[89.104.102.237]===192.168.2.0/24

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: sending encrypted notification INVALID_ID_INFORMATION to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15678: received Delete SA payload: deleting ISAKMP State #15678

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15667: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15667: starting keying attempt 184 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15680: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15667 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: ignoring Vendor ID payload [5ded2664ccd37d1ba0b055793ff59010]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15683: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15683: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15682: received Delete SA payload: deleting ISAKMP State #15682

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15670: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15670: starting keying attempt 79 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-1" #15684: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15670 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: ignoring Vendor ID payload [5ded2664010501278b1fe21935064d55]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: cannot respond to IPsec SA request because no connection is known for 192.168.10.0/24===89.223.6.92[89.223.6.92]...89.104.102.237[89.104.102.237]===192.168.2.0/24

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: sending encrypted notification INVALID_ID_INFORMATION to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15685: received Delete SA payload: deleting ISAKMP State #15685

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: ignoring Vendor ID payload [5ded2664a50786b32fa8014be9b7f6bb]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15688: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15688: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15687: received Delete SA payload: deleting ISAKMP State #15687

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15674: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15674: starting keying attempt 184 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15689: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15674 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: responding to Main Mode

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: received Vendor ID payload [Dead Peer Detection]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: ignoring Vendor ID payload [5ded2664dec611938388142ae89a2645]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: received Vendor ID payload [XAUTH]

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: NAT-Traversal: Result using RFC 3947: no NAT detected

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: ignoring informational payload, type IPSEC_INITIAL_CONTACT

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: Peer ID is ID_IPV4_ADDR: '89.104.102.237'

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: sent MR3, ISAKMP SA established

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15692: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15692: sending encrypted notification NO_PROPOSAL_CHOSEN to 89.104.102.237:500

  VPN-IPSEC: "peer-89.104.102.237-tunnel-3" #15691: received Delete SA payload: deleting ISAKMP State #15691

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15680: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15680: starting keying attempt 185 of an unlimited number

  VPN-IPSEC: "peer-89.104.102.237-tunnel-2" #15693: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #15680 {using isakmp#14392}

  VPN-IPSEC: packet from 89.104.102.237:500: received Vendor ID payload [RFC 3947]

  VPN-IPSEC: packet from 89.104.102.237:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]

In "show vpn ike sa" on vyatta there is no host 89.104.102.237 at all!!!

Where is the problem?

Content for Community-Ad