I have numerous problems with the BorderManager Site-2-Site tunnels.
It finally ran for about 1½ day without problems, but suddenly 1
server (a slave) out of 3, just gave up and lost the tunnel. And I
can't get it up again. I can remote control the server through the
public side without problems. No filters are enabled.
Anyone have an idea?
I kan see that there are issues with IKE and the way it tries to
access the other servers, but I have patched with SP3 IR2.
The CSaudit log contains the following:
On the master I get:
VPN -- Thu Jul 28 11:53:40 2005
Warn :Discard- no IKE SA available message is neither MM nor AG
INIT-RESP : 4165183C6E97EF8E-266EE38E958A2480 dst:192.XX.105.3 src:
On the slave I get:
VPN -- Thu Jul 28 11:52:54 2005
Failed to create IKE SA - Received the message in the wrong state.
reply cookies my-his : 266EE38E958A2480-4165183C6E97EF8E dst:
Allan Brehm Clausen