VPN failure since upgrade to MR3
I have upgraded the firmware from MR2 to MR3 on 2 of the 4 Fortigate 80c devices I have. Since then, the IPsec VPNs between them have stopped working.
The topology is a star, and the upgraded devices are the one at the center and one of the endpoints.
The phase 1 and phase 2 configuration is the same; I have also tried changing settings such as (dh group, pshd-key, encryption) and the result is the same.
The problem is that the VPN lasts while there is traffic, then it drops and cannot come back up until I make some change. Until I find the solution, I am running a continuous ping between servers at the different sites, and that keeps the IPsec VPN up.
Re: VPN failure since upgrade to MR3
Hello, check this command in phase 2:
auto-negotiate
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: VPN failure since upgrade to MR3
Hello,
On all devices I have increased the keylife to 28800. After changing it, the VPNs of the Fortigates with MR2 have not dropped again.
Now the problem is between the only two devices that are upgraded to MR3, where the VPN does not stay up. I have tried raising the keylife to 86400 but it also drops.
Re: VPN failure since upgrade to MR3
Hello, did you check what I told you in the previous post?
Regards
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: VPN failure since upgrade to MR3
I have enabled auto-negotiate on both phase 2s and it does not work either.
I have 4 IPsec VPNs set up on a Fortigate 80c, of which 2 go to Fortigate 80c units, and the other 2 go to other devices and work fine.
I have tried creating a VPN in interface mode, but that does not work either.
I currently have v4 MR3 Patch 11 on all devices.
Re: VPN failure since upgrade to MR3
Hello, and what is the error?
Were you able to run a diagnose on the VPN?
Regards.
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: VPN failure since upgrade to MR3
Run the following procedure:
Log in over SSH with PuTTY and configure it with 2000 lines so you can see the logs.
Run the command
diagnose debug application ike 255
and in the GUI go to VPN > Monitor > IPsec Monitor and try to bring up the VPNs that are down.
The proposals will start to appear in the SSH session.
Copy all of those logs and look at them, or you can upload them here so we can see the problem better.
Re: VPN failure since upgrade to MR3
Hello,
When I lose the connection between the sites, the VPNs appear as UP in the IPsec Monitor.
These are the logs it generates, the same sequence all the time:
2013-02-25 10:55:44 ike 0:VPN_XXX_2: link is idle 4 AAA.AA.AA.AA->BB.BB.BBB.BBB:500 dpd=1 seqno=121bb
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: send IKEv1 DPD probe, seqno 74171
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: enc 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501D9F88587000000540B000018159B7308E0583724151CEA3C3E5BC60DABF2853A000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E42000121BB
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: out 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501D9F885870000005CD85785421FB3BC5D763D13BA30C928087C46C895395F78D54CF29012F7CED2C1EF3606CE72432E90970E1F59A449F8E8189C1A2B90B63ED0568590678B3F0021
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: sent IKE msg (R-U-THERE): AAA.AA.AA.AA->BB.BB.BBB.BBB:500, len=92, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:d9f88587
2013-02-25 10:55:44 ike 0: comes BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500,ifindex=4....
2013-02-25 10:55:44 ike 0: IKEv1 exchange=Informational id=1fd3f2c0a2f037f9/ba6a100bcee35e42:ae5d85f0 len=92
2013-02-25 10:55:44 ike 0: in 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501AE5D85F00000005C639A14FF2BCDA3227AE296D4F34EF705ACC25D38AA84AA46B60BFFFEF945B6B97EECB1872E488186ADD3BE14C00BEDE8D9574EAC4659A31B9B697C4E7BB49664
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: dec 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501AE5D85F00000005C0B0000181466D0951C25E534853AE3C058D3B6AD817E25C3000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E420000E6D1A3405A283AA86107
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: notify msg received: R-U-THERE
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: enc 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501629A54EB000000540B000018F674044CD579BC5AD328266AE6823311FAB103FD000000200000000101108D291FD3F2C0A2F037F9BA6A100BCEE35E420000E6D1
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: out 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501629A54EB0000005C90279066081824FA9FCB33132C55CDF3103E74C77B9B189E4FCE85E92BD82895A7DA1B272F64F99F55CD576AD40F7ED15F0C8EA992567BDC5FE229C37627BF23
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: sent IKE msg (R-U-THERE-ACK): AAA.AA.AA.AA->BB.BB.BBB.BBB:500, len=92, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:629a54eb
2013-02-25 10:55:44 ike 0: comes BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500,ifindex=4....
2013-02-25 10:55:44 ike 0: IKEv1 exchange=Informational id=1fd3f2c0a2f037f9/ba6a100bcee35e42:d6022a3d len=92
2013-02-25 10:55:44 ike 0: in 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501D6022A3D0000005C2B03071B9ADAAFF8DAA37427A56ECE4D13A48075A10F61660BAFBC8A4E3F0A643639CB83FF3BD093C9F3CB19D9D1EEDE2DD04C50DA25377FC3B766B3174ECA96
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: dec 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501D6022A3D0000005C0B000018C4C9244465983412CEE8E6C490C827DB74817059000000200000000101108D291FD3F2C0A2F037F9BA6A100BCEE35E42000121BBC2883324EF1DC007
2013-02-25 10:55:44 ike 0:VPN_XXX_2:13016: notify msg received: R-U-THERE-ACK
Re: VPN failure since upgrade to MR3
And this is the log it generates when it brings up the VPN, but not the connection between the sites:
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: using existing connection
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: config found
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 negotiating
ike 0:VPN_ZZZ_2:28: cookie 1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: initiator selectors 0 0:0.0.0.0/0.0.0.0:0:0->0:0.0.0.0/0.0.0.0:0:0
ike 0:VPN_ZZZ_2:28: sent IKE msg (quick_i1send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=388, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7 len=356
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: responder selectors 0:0.0.0.0/0.0.0.0:0->0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: my proposal:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: proposal id = 1:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: PFS DH group = 5
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_AES (key_len = 128)
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: incoming proposal:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: proposal id = 1:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: PFS DH group = 5
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28: enc 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F70000003400000018C1CE1691716F7E0FB0CB402D7D5FC51818B52452
ike 0:VPN_ZZZ_2:28: out 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F70000003C3E97E08EB1A6517435A63560A7602348FC78E6B23A0301EA175ECCB0F1C4A9E7
ike 0:VPN_ZZZ_2:28: sent IKE msg (quick_i2send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=60, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: replay protection enabled
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: SA life soft seconds=1751.
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: SA life hard seconds=1800.
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA selectors #src=1 #dst=1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: src 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: dst 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: add IPsec SA: SPIs=4cbe0265/8453c88b
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA dec spi 4cbe0265 key 24:BCF35CC4C1BE571D51E6746A5A070B73E6BBBF26C160CF28 auth 20:23E82EE207D5FC6992FDEA55468C0AAF56D87F41
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA enc spi 8453c88b key 24:59255E7CFA32C9333571AA137F712BDAC5E53AD74E3782A7 auth 20:A41C342271437EAC7D8ECCB789BB0E375FDC8AC9
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: added IPsec SA: SPIs=4cbe0265/8453c88b
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: sending SNMP tunnel UP trap
ike shrank heap by 126976 bytes
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=e7d2
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=e7d3
ike 0:VPN_ZZZ_2:28: send IKEv1 DPD probe, seqno 59347
ike 0:VPN_ZZZ_2:28: enc 1FD3F2C0A2F037F9BA6A100BCEE35E42081005013AE31A20000000540B000018EDDB9566F0142271A63C861520B6121BCFDDE6D1000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E420000E7D3
ike 0:VPN_ZZZ_2:28: out 1FD3F2C0A2F037F9BA6A100BCEE35E42081005013AE31A200000005C856A763EBE0B4FFC5D69C85B80E7D6BBBD43857D4C1D3F28D16C673ED97D19C8D929618E4940AF4849616820471782B8FCA4BB0939C566C7B877E7E258906244
ike 0:VPN_ZZZ_2:28: sent IKE msg (R-U-THERE): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=92, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:3ae31a20
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=1fd3f2c0a2f037f9/ba6a100bcee35e42:ecc97f7b len=92
ike 0: in 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501ECC97F7B0000005C43152FB07228F9A3712FE67ABEFC216A023DD70F5810E61F52CAE6B1428D2B7DEF65035762B87EF2B186BD3B23E3811C38C764564E810B732D0DEE6897BDF8FD
ike 0:VPN_ZZZ_2:28: dec 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501ECC97F7B0000005C0B00001882BA425701746EF4C04204010315D7E8E6CFA6E7000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E42000122BE30EB2FB8994D5507
ike 0:VPN_ZZZ_2:28: notify msg received: R-U-THERE
Re: VPN failure since upgrade to MR3
fredytgn wrote: And this is the log it generates when it brings up the VPN, but not the connection between the sites:
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: using existing connection
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: config found
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 negotiating
ike 0:VPN_ZZZ_2:28: cookie 1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: initiator selectors 0 0:0.0.0.0/0.0.0.0:0:0->0:0.0.0.0/0.0.0.0:0:0
ike 0:VPN_ZZZ_2:28: out 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F700000184F56D04932D99313383E1B712488E398F56C0270FCF4A404E33112119F8494A7B6FC2DC87F6F23B9C05E47C826E31B7DEF2F0D9DA6566503D3E1CEB31BD1CB037D70C7ED81A72562B6BD75AEA9CE73D19FB41367B6D73CCC3EEA0B06022DD6E804CFA53A14E307164FC95FD49251CC8EDCB203F4697776C1FE88D66B3BD1D1ABB9C1626781A260E379B7F033ABEEABF7428A66CAF579563C9A0F9CC3017821EA80CC06E14AEFAD0627CF288819D44F7F81B4B8C3F515B87B0AFCADF92D0E6D1FE5F3EF7C736D3DBA283EDC504616FC1252132A0F70FEE145306C312321135C6573F646EBD674C57EE075B313DB57494330E44BF54BE8E155A96F8FDEBC44DAC6BC7A39BBDFCFAB9976002FD4C2668A9847352C9F20E4BF5D09522EAD51C84DA056E1EC498FE3D816F4CBC73C722EBC7C053243FEE002FE53FD691CCA3C17792AFF9BA25302AF719E4BD44FDD5B6E4E71E577D1D652F43585511FD33CAB85BABF0622C7024707410FC
ike 0:VPN_ZZZ_2:28: sent IKE msg (quick_i1send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=388, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7 len=356
ike 0: in 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F700000164A2E01B82A086BF87319CAB73E1D737304E268792775F30060FA979C0B8787FBEDF478767012DF90F074D237527C177D304D65B5E6117359FA6286DDA1AB346BC7BCACD33EC555430AED6B82EF065C3A4BF7297B8E8D32198019AEBFBD421D4BB0CB13EAB0EBE2C760DCA7EE842E349EBE983691EDEA58B93F0F77BC34F29E52AE1F010734A501657447238FB785C61DD44A4714514D194C1221FB4362724EC3FE645FDF9AE00E4C7CE0177DB45DDDF43A7A6418CB421433D18586DEC54FA0591263A8A005C21A889082A98CD94137976B4563EBF173E4266AAB62E5B6FA45F8F725A42181001E823048FCAFAEA2D25BBA9AC9497F3CF19448B8896DC36AE834388FF5E2246BD1351D646EAD8F5D1286768AF3C20D0FFCD931216C84B4475A37CDE55B6D24ECE3AA4A9D4031E201AC6E23CCB31A0C9D58661E9F755967ABF1E6ED6FDB3F1BB2C6038
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: responder selectors 0:0.0.0.0/0.0.0.0:0->0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: my proposal:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: proposal id = 1:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: PFS DH group = 5
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_AES (key_len = 128)
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: incoming proposal:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: proposal id = 1:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: PFS DH group = 5
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28: enc 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F70000003400000018C1CE1691716F7E0FB0CB402D7D5FC51818B52452
ike 0:VPN_ZZZ_2:28: out 1FD3F2C0A2F037F9BA6A100BCEE35E420810200122D770F70000003C3E97E08EB1A6517435A63560A7602348FC78E6B23A0301EA175ECCB0F1C4A9E7
ike 0:VPN_ZZZ_2:28: sent IKE msg (quick_i2send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=60, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:22d770f7
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: replay protection enabled
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: SA life soft seconds=1751.
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: SA life hard seconds=1800.
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA selectors #src=1 #dst=1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: src 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: dst 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: add IPsec SA: SPIs=4cbe0265/8453c88b
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA dec spi 4cbe0265 key 24:BCF35CC4C1BE571D51E6746A5A070B73E6BBBF26C160CF28 auth 20:23E82EE207D5FC6992FDEA55468C0AAF56D87F41
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: IPsec SA enc spi 8453c88b key 24:59255E7CFA32C9333571AA137F712BDAC5E53AD74E3782A7 auth 20:A41C342271437EAC7D8ECCB789BB0E375FDC8AC9
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: added IPsec SA: SPIs=4cbe0265/8453c88b
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: sending SNMP tunnel UP trap
ike shrank heap by 126976 bytes
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=e7d2
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=e7d3
ike 0:VPN_ZZZ_2:28: send IKEv1 DPD probe, seqno 59347
ike 0:VPN_ZZZ_2:28: enc 1FD3F2C0A2F037F9BA6A100BCEE35E42081005013AE31A20000000540B000018EDDB9566F0142271A63C861520B6121BCFDDE6D1000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E420000E7D3
ike 0:VPN_ZZZ_2:28: out 1FD3F2C0A2F037F9BA6A100BCEE35E42081005013AE31A200000005C856A763EBE0B4FFC5D69C85B80E7D6BBBD43857D4C1D3F28D16C673ED97D19C8D929618E4940AF4849616820471782B8FCA4BB0939C566C7B877E7E258906244
ike 0:VPN_ZZZ_2:28: sent IKE msg (R-U-THERE): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=92, id=1fd3f2c0a2f037f9/ba6a100bcee35e42:3ae31a20
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=1fd3f2c0a2f037f9/ba6a100bcee35e42:ecc97f7b len=92
ike 0: in 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501ECC97F7B0000005C43152FB07228F9A3712FE67ABEFC216A023DD70F5810E61F52CAE6B1428D2B7DEF65035762B87EF2B186BD3B23E3811C38C764564E810B732D0DEE6897BDF8FD
ike 0:VPN_ZZZ_2:28: dec 1FD3F2C0A2F037F9BA6A100BCEE35E4208100501ECC97F7B0000005C0B00001882BA425701746EF4C04204010315D7E8E6CFA6E7000000200000000101108D281FD3F2C0A2F037F9BA6A100BCEE35E42000122BE30EB2FB8994D5507
ike 0:VPN_ZZZ_2:28: notify msg received: R-U-THERE
OK, let me explain; the debug shown here says the following:
R-U-There-ack: it means that it tries 3 times to establish the connection, but if it fails to communicate, the connection dies.
And the rest means that your encryption method is wrong.
That is all; that is why it does not come up.
While you have
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
the peer device has:
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: trans_id = ESP_AES (key_len = 128)
ike 0:VPN_ZZZ_2:28:TUNNEL_ZZZ_2:149878: type = AUTH_ALG, val=SHA1
Look at the logs you posted, where it says my proposal and incoming proposal.
With that your problem should be solved.
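The "my proposal" / "incoming proposal" comparison discussed in this post can be checked mechanically. The following is an added example, not part of the original thread and not Fortinet code: a Python parser for this debug format that lists the transforms on each side, the ones they share, whether an IPsec SA was added, and DPD probes left without an R-U-THERE-ACK. The sample log, tunnel names, SPIs and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample in the format of the `diagnose debug application ike 255`
# output quoted in this thread; names, SPIs and addresses are placeholders.
SAMPLE_LOG = """\
ike 0:VPN_EX:7:TUN_EX:1001: my proposal:
ike 0:VPN_EX:7:TUN_EX:1001: proposal id = 1:
ike 0:VPN_EX:7:TUN_EX:1001: protocol id = IPSEC_ESP:
ike 0:VPN_EX:7:TUN_EX:1001: PFS DH group = 5
ike 0:VPN_EX:7:TUN_EX:1001: trans_id = ESP_3DES
ike 0:VPN_EX:7:TUN_EX:1001: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_EX:7:TUN_EX:1001: type = AUTH_ALG, val=SHA1
ike 0:VPN_EX:7:TUN_EX:1001: trans_id = ESP_AES (key_len = 128)
ike 0:VPN_EX:7:TUN_EX:1001: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_EX:7:TUN_EX:1001: type = AUTH_ALG, val=SHA1
ike 0:VPN_EX:7:TUN_EX:1001: incoming proposal:
ike 0:VPN_EX:7:TUN_EX:1001: proposal id = 1:
ike 0:VPN_EX:7:TUN_EX:1001: protocol id = IPSEC_ESP:
ike 0:VPN_EX:7:TUN_EX:1001: PFS DH group = 5
ike 0:VPN_EX:7:TUN_EX:1001: trans_id = ESP_3DES
ike 0:VPN_EX:7:TUN_EX:1001: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_EX:7:TUN_EX:1001: type = AUTH_ALG, val=SHA1
ike 0:VPN_EX:7:TUN_EX:1001: add IPsec SA: SPIs=0a0b0c01/0a0b0c02
ike 0:VPN_EX:7:TUN_EX:1001: added IPsec SA: SPIs=0a0b0c01/0a0b0c02
ike 0:VPN_EX:7: sent IKE msg (R-U-THERE): 192.0.2.1:500->198.51.100.1:500, len=92
ike 0:VPN_EX:7: notify msg received: R-U-THERE-ACK
ike 0:VPN_EX:7: sent IKE msg (R-U-THERE): 192.0.2.1:500->198.51.100.1:500, len=92
"""

TRANS = re.compile(r"trans_id = (\w+)(?: \(key_len = (\d+)\))?")
AUTH = re.compile(r"type = AUTH_ALG, val=(\S+)")
PFS = re.compile(r"PFS DH group = (\d+)")
SA_ADDED = re.compile(r"added IPsec SA: SPIs=([0-9a-f]+)/([0-9a-f]+)")
DPD_SENT = re.compile(r"sent IKE msg \((R-U-THERE(?:-ACK)?)\)")
DPD_RECV = re.compile(r"notify msg received: (R-U-THERE(?:-ACK)?)$")


def analyze(log_text):
    """Extract phase 2 proposals, SA installation and DPD counters."""
    proposals = {"my": [], "incoming": []}
    pfs, spis = {}, []
    sent, received = Counter(), Counter()
    section = pending = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if line.endswith("my proposal:"):
            section, pending = "my", None
        elif line.endswith("incoming proposal:"):
            section, pending = "incoming", None
        elif section and (m := PFS.search(line)):
            pfs[section] = int(m.group(1))
        elif section and (m := TRANS.search(line)):
            # A transform is the cipher plus the AUTH_ALG line that follows it.
            pending = m.group(1) + (f"-{m.group(2)}" if m.group(2) else "")
        elif section and pending and (m := AUTH.search(line)):
            proposals[section].append((pending, m.group(1)))
            pending = None
        elif m := SA_ADDED.search(line):
            spis.append(m.groups())
            section = None
        elif m := DPD_SENT.search(line):
            sent[m.group(1)] += 1
        elif m := DPD_RECV.search(line):
            received[m.group(1)] += 1
    return {
        "my": proposals["my"],
        "incoming": proposals["incoming"],
        # In IKEv1 quick mode the responder answers with one transform picked
        # from the initiator's offer, so the lists need only overlap.
        "common": [t for t in proposals["my"] if t in proposals["incoming"]],
        "pfs_match": pfs.get("my") == pfs.get("incoming"),
        "sa_added": spis,
        "dpd_unanswered": max(0, sent["R-U-THERE"] - received["R-U-THERE-ACK"]),
    }


def findings(r):
    """Turn the parsed result into short troubleshooting statements."""
    out = []
    if not r["common"]:
        out.append("no transform common to both proposals")
    if not r["pfs_match"]:
        out.append("PFS DH group differs")
    out.append("IPsec SA added" if r["sa_added"] else "no IPsec SA added")
    if r["dpd_unanswered"]:
        out.append(f"{r['dpd_unanswered']} DPD probe(s) without R-U-THERE-ACK")
    return out


if __name__ == "__main__":
    for item in findings(analyze(SAMPLE_LOG)):
        print(item)
```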
Re: VPN failure since upgrade to MR3
Both devices now have the same "my proposal" and "incoming proposal" and it still does not work.
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: using existing connection
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: config found
ike 0:VPN_ZZZ_2:TUNNEL_ZZZ_2: IPsec SA connect 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 negotiating
ike 0:VPN_ZZZ_2:43: cookie 5bf15806327ff5eb/c53176d18e7c657e:e5990709
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: initiator selectors 0 0:0.0.0.0/0.0.0.0:0:0->0:0.0.0.0/0.0.0.0:0:0
ike 0:VPN_ZZZ_2:43: sent IKE msg (quick_i1send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=356, id=5bf15806327ff5eb/c53176d18e7c657e:e5990709
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Quick id=5bf15806327ff5eb/c53176d18e7c657e:e5990709 len=356
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: responder selectors 0:0.0.0.0/0.0.0.0:0->0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: my proposal:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: proposal id = 1:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: PFS DH group = 5
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: incoming proposal:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: proposal id = 1:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: protocol id = IPSEC_ESP:
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: PFS DH group = 5
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: trans_id = ESP_3DES
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: encapsulation = ENCAPSULATION_MODE_TUNNEL
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: type = AUTH_ALG, val=SHA1
ike 0:VPN_ZZZ_2:43: enc 5BF15806327FF5EBC53176D18E7C657E08102001E59907090000003400000018E6F2FE71A5FA43A5CC01C325870FE7E1FBBE46C9
ike 0:VPN_ZZZ_2:43: out 5BF15806327FF5EBC53176D18E7C657E08102001E59907090000003CABD8E7FF192FA34948D6346431DF36EC048B82195B9D16F1DE994BF6952567FD
ike 0:VPN_ZZZ_2:43: sent IKE msg (quick_i2send): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=60, id=5bf15806327ff5eb/c53176d18e7c657e:e5990709
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: replay protection enabled
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: SA life soft seconds=1749.
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: SA life hard seconds=1800.
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: IPsec SA selectors #src=1 #dst=1
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: src 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: dst 0 4 0:0.0.0.0/0.0.0.0:0
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: add IPsec SA: SPIs=4cbe027e/8453c9ba
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: IPsec SA dec spi 4cbe027e key 24:421AECF93CC34882A75688308FA1A67CD41AC87DAEEB5A74 auth 20:91EA501F68B592737D82196F8C58F08B419A7530
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: IPsec SA enc spi 8453c9ba key 24:24DDED569E505F3FFEE33EAFABFA124AC242AD94B86CF727 auth 20:3263A9B21C456173D02355051EBAF3C9711D3DBA
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: added IPsec SA: SPIs=4cbe027e/8453c9ba
ike 0:VPN_ZZZ_2:43:TUNNEL_ZZZ_2:160365: sending SNMP tunnel UP trap
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=f69b
ike 0: comes AAA.AA.AA.AA:500->BB.BB.BBB.BBB:500,ifindex=3....
ike 0: IKEv1 exchange=Informational id=5ecceb295ece1f8d/d9c85f1e4b615ade:78da01e2 len=92
ike 0: in 5ECCEB295ECE1F8DD9C85F1E4B615ADE0810050178DA01E20000005C0221D6ADC94680A3A0B39D21B50B5D95BC73B969C5C12D455B8ADB5E9F9E2C9DEFAF1A091C1D95AE5BBC7BBD98A455926AF44FA40C73622CAA9229936B98A509
ike 0:VPN_ZZZ_2:44: dec 5ECCEB295ECE1F8DD9C85F1E4B615ADE0810050178DA01E20000005C0B000018A7D17F5698F8015E95415711C3C549534A3C74D5000000200000000101108D285ECCEB295ECE1F8DD9C85F1E4B615ADE00013190F017D07B285CD807
ike 0:VPN_ZZZ_2:44: notify msg received: R-U-THERE
ike 0:VPN_ZZZ_2:44: enc 5ECCEB295ECE1F8DD9C85F1E4B615ADE081005010AF77C1E000000540B0000181F8E6995766C858DC74FB6E2BAB84D9ABCA15878000000200000000101108D295ECCEB295ECE1F8DD9C85F1E4B615ADE00013190
ike 0:VPN_ZZZ_2:44: out 5ECCEB295ECE1F8DD9C85F1E4B615ADE081005010AF77C1E0000005CEF19BE38B435F39A851E6F8D746EAA8AFC3E4B7ADEE3EA4CC04E76918D19F923FCE2E9CCCA7131DDE5454174E0D3C8E8E87ADB644E22F88487D8108F14BFC457
ike 0:VPN_ZZZ_2:44: sent IKE msg (R-U-THERE-ACK): BB.BB.BBB.BBB:500->AAA.AA.AA.AA:500, len=92, id=5ecceb295ece1f8d/d9c85f1e4b615ade:0af77c1e
ike 0:VPN_ZZZ_2: link is idle 3 BB.BB.BBB.BBB->AAA.AA.AA.AA:500 dpd=1 seqno=f69c
Re: VPN failure since upgrade to MR3
Hi, do you see the VPN as UP????
Routing issues?
Are you using policy routes?
Regards.
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
Re: VPN failure since upgrade to MR3
Hi,
The VPNs are always UP.
Yes, I do use policy and static routes; details below:
The VPN is established from wan1 on device A to wan2 on device B in interface mode. The same thing happens with another device, C, whose VPN is NOT in interface mode, and the configuration is very similar.
Policy Route:
Device A
incoming -> outgoing -> source -> destination -> port
internal1 -> wan2 -> 192.168.10.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 443
internal1 -> wan1 -> 192.168.10.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 1-65535
internal1 -> wan1 -> 192.168.10.0/255.255.255.0 -> 0.0.0.0/0.0.0.0 -> 80
internal1 -> wan1 -> 192.168.10.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 443
internal1 -> wan1 -> 192.168.10.0/255.255.255.0 -> 0.0.0.0/0.0.0.0 -> 21
Device B
internal1 -> wan1 -> 192.168.5.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 443
internal1 -> wan2 -> 192.168.5.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 1-65535
internal1 -> wan2 -> 192.168.5.0/255.255.255.0 -> 0.0.0.0/0.0.0.0 -> 80
internal1 -> wan2 -> 192.168.5.0/255.255.255.0 -> xx.---.---.xx/255.255.255.255 -> 443
internal1 -> wan2 -> 192.168.5.0/255.255.255.0 -> 0.0.0.0/0.0.0.0 -> 21
Static Route:
Distance -> priority -> ip/mask -> gateway -> device
Device A
15 -> 0 -> 0.0.0.0/0.0.0.0 -> ---.xx.xx.x -> wan1
15 -> 0 -> 0.0.0.0/0.0.0.0 -> ---.xx.xx.x -> wan2
10 -> 0 -> 10.10.1.0/255.255.255.0 -> ---.xx.xx.x -> wan1
10 -> 0 -> 192.168.7.0/255.255.255.0 -> ---.xx.xx.x -> wan1
10 -> 0 -> 192.168.2.0/255.255.255.0 -> ---.xx.xx.x -> internal1
10 -> 0 -> 192.168.1.0/255.255.255.0 -> ---.xx.xx.x -> wan1
5 -> 0 -> 192.168.5.0/255.255.255.0 -> ... -> VPN_ZZZ_2
Device B
15 -> 0 -> 0.0.0.0/0.0.0.0 -> ---.xx.xx.x -> wan1
15 -> 0 -> 0.0.0.0/0.0.0.0 -> ---.xx.xx.x -> wan2
10 -> 0 -> 192.168.7.0/255.255.255.0 -> ---.xx.xx.x -> wan2
5 -> 0 -> 192.168.10.0/255.255.255.0 -> ... -> VPN_YYY_2
Re: VPN failure since upgrade to MR3
Hi, should you create a policy route to send the destination traffic through the VPN??
Regards.
NSE 7 – Fortinet Network Security Architect
NSE 5 - Network Security Analyst
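Added example, not part of any post in this thread: a simplified Python model of the lookup order behind the question above (policy routes are checked top-down first, the static table only if none matches), run over device A's tables as posted. It assumes every redacted xx.---.---.xx destination is one host, represented by the constructed address 203.0.113.10, uses constructed LAN hosts, and ignores the protocol and gateway fields.

```python
import ipaddress as ip

# Device A tables as posted. DST_HOST is a constructed stand-in for the
# redacted xx.---.---.xx host (assumption: every redacted entry is one host).
LAN_A, DST_HOST, ANY = "192.168.10.0/24", "203.0.113.10/32", "0.0.0.0/0"

# (incoming, outgoing, source, destination, first port, last port)
POLICY_ROUTES_A = [
    ("internal1", "wan2", LAN_A, DST_HOST, 443, 443),
    ("internal1", "wan1", LAN_A, DST_HOST, 1, 65535),
    ("internal1", "wan1", LAN_A, ANY, 80, 80),
    ("internal1", "wan1", LAN_A, DST_HOST, 443, 443),
    ("internal1", "wan1", LAN_A, ANY, 21, 21),
]
# (distance, destination, device)
STATIC_ROUTES_A = [
    (15, ANY, "wan1"), (15, ANY, "wan2"),
    (10, "10.10.1.0/24", "wan1"), (10, "192.168.7.0/24", "wan1"),
    (10, "192.168.2.0/24", "internal1"), (10, "192.168.1.0/24", "wan1"),
    (5, "192.168.5.0/24", "VPN_ZZZ_2"),
]

def policy_match(iface, src, dst, dport):
    """Return (position, outgoing) of the first matching policy route, or None."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for pos, (inc, out, snet, dnet, lo, hi) in enumerate(POLICY_ROUTES_A, 1):
        if (inc == iface and s in ip.ip_network(snet)
                and d in ip.ip_network(dnet) and lo <= dport <= hi):
            return pos, out
    return None

def static_lookup(dst):
    """Longest prefix first, then lowest distance; equal-cost ties not modelled."""
    d = ip.ip_address(dst)
    hits = [(ip.ip_network(p).prefixlen, -dist, dev)
            for dist, p, dev in STATIC_ROUTES_A if d in ip.ip_network(p)]
    return max(hits)[2] if hits else None

def egress(iface, src, dst, dport):
    """Policy routes are consulted before the static routing table."""
    hit = policy_match(iface, src, dst, dport)
    if hit:
        return hit[1], f"policy route #{hit[0]}"
    return static_lookup(dst), "static route"

if __name__ == "__main__":
    # Constructed hosts: 192.168.10.20 (site A LAN) -> 192.168.5.30 (site B LAN)
    for port in (80, 21, 445):
        print(port, egress("internal1", "192.168.10.20", "192.168.5.30", port))
```

In this model, traffic from site A to the remote 192.168.5.0/24 LAN on ports 80 and 21 matches the 0.0.0.0/0 policy routes and leaves through wan1, while other ports fall through to the static route on VPN_ZZZ_2.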
Re: VPN failure since upgrade to MR3
diagnose vpn ike filter src-addr4
diagnose vpn ike filter dst-addr4
Set up a filter.