I'm having trouble with a site-to-site vpn connection, or to be more
specific, with the master vpn server.

Problem: the vpn connection works fine for a few days (5-6 days) and
then drops.

IKE-screen shows:

23.7.2004 11.17.05 ***Receive Main Mode message from <IP Slave-Srv>
23.7.2004 11.17.05 I-COOKIE=A9DD13B41E0739B4,R-COOKIE=
23.7.2004 11.17.05 IKE SA NEGOTIATION: Peer lifetime = 28800 My
23.7.2004 11.17.05 sending notify message type: 28 to <IP Slave-Srv>
23.7.2004 11.17.05 ***Send Unacknowledge Informational message to <IP
23.7.2004 11.17.05 I-COOKIE=A9DD13B41E0739B4,R-COOKIE=
23.7.2004 11.17.05 Error :Server certificate not available , probably
error reading certificate
23.7.2004 11.17.05 Processed SA-PAYLOAD unsuccessful - No usage
certificate available for signature authentication, dst=<IP Slave-Srv>.
23.7.2004 11.17.05 Failed to create IKE-SA - No usage certificate
available for signature authentication , dst = <IP Slave-Srv>
23.7.2004 11.17.08 IKE-SA 90F21000 is Deleted,I-COOKIE=A9DD13B4,R-
COOKIE=92BBFCEB,dst=<IP Slave-Srv>
23.7.2004 11.17.08 State:0 Cond:4 TimerEvent:1
23.7.2004 11.17.08 lifetime :0 sec Rekey Time :0 sec
23.7.2004 11.17.08 Created at :0 sec Remaining life time :-489226 sec
Current time 489226

The critical message is "Error :Server certificate not available ,
probably error reading certificate", I think.

The question is, why does the (which?) certificate become unavailable?

First I thought, that the certificate server is not working anymore, but
validation and creation of certificates is still possible.

To solve the problem, the only way I have found so far, is to reboot the
server. It's not enough to:

- do "stopvpn" and "startvpn"
- reload ike
- reload pki/sas

The Slave vpn server is not part of the problem, I think, because only
the master vpn server has to be rebootet.

I already tried "runvpn -l3" but inside this log file I can not see any

Master and Slave vpn servers have been NW 6.5 without SP, BM 3.8 without

Master vpn server is now updated with NW 6.5 SP2, but vpn problem still

Any suggestions and tips are highly appreciated.

Thanks in advance,