I have the following problem: I have an IPSec VPN between my pair of ASA5540s in failover and a vendor's StoneGate VPN cluster.
The VPN is configured and the hosts configured in the encryption domains ping each other without problems. The problem is that every now and then there is a renegotiation of P1 and P2.
I am attaching a short excerpt from the syslog. Note that all the SA and IPSec lifetime parameters are mirrored on both sides.
:Group = 80.82.2.19, IP = 80.82.2.19, IKE SA MM:acb105f3 rcv'd Terminate: state MM_ACTIVE flags 0x00000062, refcnt 1, tuncnt 2
:(VPN-Secondary) Sending Phase 1 Terminate message (type L2L, remote addr 80.82.2.19, my cookie ACB105F3, his cookie D2A95AEB) to standby unit
:Group = 80.82.2.19, IP = 80.82.2.19, sending delete/delete with reason message
:Group = 80.82.2.19, IP = 80.82.2.19, constructing blank hash payload
:Group = 80.82.2.19, IP = 80.82.2.19, constructing IPSec delete payload
:Group = 80.82.2.19, IP = 80.82.2.19, constructing qm hash payload
:(VPN-Primary) Receiving Phase 1 Terminate message (type L2L, remote addr 80.82.2.19, my cookie ACB105F3, his cookie D2A95AEB) from active unit
:IP = 80.82.2.19, IKE_DECODE SENDING Message (msgid=6d0a68a3) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64
:Built outbound UDP connection 265443674 for outside:80.82.2.19/500 (80.82.2.19/500) to NP Identity Ifc:89.97.250.201/500 (89.97.250.201/500)
:(VPN-Secondary) Sending Phase2 Terminate message (my cookie ACB105F3, his cookie D2A95AEB, old msg id 00000000, msg id E2EFAE19) to standby unit
:Group = 80.82.2.19, IP = 80.82.2.19, Active unit receives a delete event for remote peer 80.82.2.19
:Group = 80.82.2.19, IP = 80.82.2.19, sending delete/delete with reason message
:Group = 80.82.2.19, IP = 80.82.2.19, constructing blank hash payload
:Group = 80.82.2.19, IP = 80.82.2.19, constructing IPSec delete payload
:Group = 80.82.2.19, IP = 80.82.2.19, constructing qm hash payload
:IP = 80.82.2.19, IKE_DECODE SENDING Message (msgid=a3c30ecc) with payloads : HDR + HASH (8) + DELETE (12) + NONE (0) total length : 64
:(VPN-Primary) Receiving Phase2 Terminate message (my cookie ACB105F3, his cookie D2A95AEB, old msg id 00000000, msg id E2EFAE19) from active unit
:(VPN-Secondary) Sending Phase2 Terminate message (my cookie ACB105F3, his cookie D2A95AEB, old msg id 00000000, msg id AF37F60E) to standby unit
Thanks, everyone,
Felix.
