FirewallWizards

Re: [fw-wiz] Cisco VPN reconnection every 23 minutes

To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes
From: "ditribar" <ditribar@gmx.de>
Date: Fri, 01 Jun 2007 18:48:35 +0200

Thank you for the reply,

The rekeying duration issue has been solved, but the main problem still remains.
About every 23 minutes the tunnel gets reconnected.

How can I figure out what the reason for this is? (User request seems not adequate.)

Here is a fresh log:

2007-06-01T17:17:19+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = 
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer 
REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address 
REMOTE_LAN_IP,  Crypto map (outside_map)
2007-06-01T17:17:20+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for 
authorization-dn-attributes
2007-06-01T17:17:20+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T17:17:21+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for 
LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x095f6107, 
Outbound SPI = 0xba436260
2007-06-01T17:17:21+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=16100297)


2007-06-01T17:40:20+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer 
REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2007-06-01T17:40:20+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = 
REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session 
disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:00s, Bytes xmt: 0, 
Bytes rcv: 2460, Reason: User Requested
2007-06-01T17:40:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = 
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer 
REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address 
REMOTE_LAN_IP,  Crypto map (outside_map)
2007-06-01T17:40:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for 
authorization-dn-attributes
2007-06-01T17:40:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T17:40:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for 
LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x5ee13a8c, 
Outbound SPI = 0x47be5c1b
2007-06-01T17:40:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fac746f6)


2007-06-01T18:03:38+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer 
REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2007-06-01T18:03:38+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = 
REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session 
disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:22m:58s, Bytes xmt: 0, 
Bytes rcv: 2460, Reason: User Requested
2007-06-01T18:03:59+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = 
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer 
REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address 
REMOTE_LAN_IP,  Crypto map (outside_map)
2007-06-01T18:04:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for 
authorization-dn-attributes
2007-06-01T18:04:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T18:04:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for 
LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x65cbc57a, 
Outbound SPI = 0x49903ef4
2007-06-01T18:04:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=00fccb39)


2007-06-01T18:27:23+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer 
REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2007-06-01T18:27:23+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = 
REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session 
disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:23s, Bytes xmt: 0, 
Bytes rcv: 2580, Reason: User Requested
2007-06-01T18:27:40+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = 
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer 
REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address 
REMOTE_LAN_IP,  Crypto map (outside_map)
2007-06-01T18:27:41+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for 
authorization-dn-attributes
2007-06-01T18:27:41+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T18:27:42+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for 
LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x591f6a2d, 
Outbound SPI = 0x30a6f800
2007-06-01T18:27:42+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = 
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=37df88b5)


Any ideas?



-------- Original Message --------
Date: Thu, 31 May 2007 13:25:52 -0500
From: Paul Murphy <Paul_Murphy@fd.org>
To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes

> Have you checked your rekey duration on both sides?  It looks like one peer
> has a considerably shorter rekey value.
> 
> Thanks,
> 
> Paul Murphy
> 
>
> ditribar@gmx.de
> Sent by: firewall-wizards-bounces@listserv.icsalabs.com
> 05/31/2007 12:24 PM
> Please respond to Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
> To: firewall-wizards@honor.icsalabs.com
> cc:
> Subject: [fw-wiz] Cisco VPN reconnection every 23 minutes
>
>     Can anybody help me to solve the following problem?
>
>     A VPN tunnel is established and working so far, but the connection gets
> reconnected about every 23 minutes.
>
>     Here are some logs of what's happening on PEER1 (AAA.BBB.CCC.DDD) (CISCO
> ASA 5500):
> 
> Peer connect
> 
> 2007-05-31T17:30:08+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP,  Crypto map (outside_map)
> 2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x8d72d873,
> Outbound SPI = 0xee7d09b6
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=2a2a6615)
> 
> Peer disconnect again
> 
> 2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
> 2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s,
> Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
> 2007-05-31T17:53:58+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP,  Crypto map (outside_map)
> 2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x695fe990,
> Outbound SPI = 0x792e9c57
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=b6a126bc)
> 
> Manual disconnect
> 
> 2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s,
> Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
> 2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP.  Reason: Administrator Reset  Remote Proxy REMOTE_LAN_IP,
> Local Proxy LOCAL_PROXY_IP
> 2007-05-31T18:00:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP,  Crypto map (outside_map)
> 2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0x6bccacec,
> Outbound SPI = 0x7a216c5f
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fe0bd283)
> 
> Peer disconnect again
> 
> 2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
> 2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s,
> Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
> 2007-05-31T18:25:52+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP  local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP,  Crypto map (outside_map)
> 2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP)  Initiator, Inbound SPI = 0xba41c143,
> Outbound SPI = 0xb16e5642
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=c825a866)
> 
> ..... disconnect occurs about every 23 minutes
> 
> 
>     Any ideas?
> 
>     Kind regards
> 
>     ditribar
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
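
Added example (not part of the original post, and not Cisco tooling): a Python script that merges the paired 713050/113019 teardown lines from logs like those above, separates peer-initiated teardowns from the administrator reset, and checks whether they recur at a fixed lifetime shorter than the rekey lifetime reported in 713073. The sample lines are constructed from the quoted 2007-05-31 log (unwrapped, shortened); the function names and the 60-second tolerance are assumptions.

```python
import re
from statistics import mean

# Constructed sample: quoted 2007-05-31 log, unwrapped; severity word normalised.
P = "AAA.BBB.CCC.DDD notice local4"
G = "Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,"
SAMPLE = f"""\
2007-05-31T17:30:11+0100 {P} %ASA-5-713073: {G} Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T17:30:11+0100 {P} %ASA-5-713120: {G} PHASE 2 COMPLETED (msgid=2a2a6615)
2007-05-31T17:53:46+0100 {P} %ASA-5-713050: {G} Connection terminated for peer REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2007-05-31T17:53:46+0100 {P} %ASA-4-113019: {G} Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s, Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
2007-05-31T18:00:32+0100 {P} %ASA-4-113019: {G} Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s, Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
2007-05-31T18:00:32+0100 {P} %ASA-5-713050: {G} Connection terminated for peer REMOTE_PEER_IP.  Reason: Administrator Reset  Remote Proxy REMOTE_LAN_IP, Local Proxy LOCAL_PROXY_IP
2007-05-31T18:24:12+0100 {P} %ASA-5-713050: {G} Connection terminated for peer REMOTE_PEER_IP.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A
2007-05-31T18:24:12+0100 {P} %ASA-4-113019: {G} Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s, Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
"""

LINE = re.compile(r"^(\S+) .*?%ASA-\d-(\d+): (.*)$")
DUR = re.compile(r"Duration: (\d+)h:(\d+)m:(\d+)s, Bytes xmt: (\d+), Bytes rcv: (\d+)")

def sessions(log):
    """Return one dict per teardown, merging its 713050 and 113019 lines."""
    out, cur, rekey = [], {}, None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg_id, text = m.groups()
        if msg_id == "713073":    # IPsec rekey lifetime forced by the responder
            rekey = int(re.search(r"to (\d+) seconds", text).group(1))
        elif msg_id == "713050":  # IKE-level reason: who tore the tunnel down
            cur["ike_reason"] = re.search(r"Reason: (.+?)\s+Remote Proxy", text).group(1)
        elif msg_id == "113019":  # session summary: lifetime and byte counters
            h, mi, s, tx, rx = map(int, DUR.search(text).groups())
            cur.update(seconds=h * 3600 + mi * 60 + s, tx=tx, rx=rx, end=ts, rekey=rekey)
        if "ike_reason" in cur and "seconds" in cur:  # both halves seen, any order
            out.append(cur)
            cur = {}
    return out

def diagnose(log, tolerance=60):
    """Summarise peer-initiated teardowns; tolerance (seconds) is an assumption."""
    peer = [s for s in sessions(log) if s["ike_reason"] == "Peer Terminate"]
    secs = [s["seconds"] for s in peer]
    rekey = peer[0]["rekey"] if peer else None
    return {"peer_teardowns": len(peer), "mean_seconds": round(mean(secs)) if secs else None,
            "periodic": len(secs) >= 2 and max(secs) - min(secs) <= tolerance,
            "rekey": rekey, "before_rekey": bool(rekey) and all(x < rekey for x in secs)}
```

On the sample this reports two peer-initiated teardowns averaging 1414 seconds, both before the 3600-second IPsec rekey lifetime, with the administrator reset excluded. Running the same comparison against the remote peer's log for the matching timestamps is the natural next check.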
