Hi,

I have 2 third party S2S VPN set up on a BM3.8, one tunnel is working
fine but the other is having some issues. The tunnel drops time to time
and comes back up by itself about one hour after.
The remote peer has a Cisco concentrator 3000 and all the VPN's
parameters match in both sides.


Here a portion of the IKE log:
************************************************** *************
9-26-2005 7:03:29 pm Start IPSEC SA 40A125A0 - Initiator****totSA=1
9-26-2005 7:03:29 pm src from IPsec
9-26-2005 7:03:29 pm 100201F4 0C207CA8
9-26-2005 7:03:29 pm dst from IPsec
9-26-2005 7:03:29 pm 100201F4 4458E6FE
9-26-2005 7:03:29 pm *Sending proxy ID type 4
172.21.10.19/255.255.255.255
9-26-2005 7:03:29 pm *Sending proxy ID type 4
150.128.101.30/255.255.255.255
9-26-2005 7:03:29 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 7:03:29 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=6AA69611,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 7:03:29 pm ***Receive Quick Mode message from 68.88.230.254
9-26-2005 7:03:29 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=6AA69611,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 7:03:29 pm Received (QM) proxy ID 172.21.10.19 -
150.128.101.30
9-26-2005 7:03:29 pm IPSE SA NEGOTIATION: Peer lifetime = 7200 My
lifetime=7200
9-26-2005 7:03:29 pm Received (QM) proxy ID 172.21.10.19 -
150.128.101.30
9-26-2005 7:03:29 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 7:03:29 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=6AA69611,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 7:03:29 pm ESP-SA is created:algorID=esp
3des,mySPI=312ABEF1,peerSPI=A74A730D,time=450574 ,dst=68.88.230.254
9-26-2005 7:03:59 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 7:03:59 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=E418AB0,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 7:03:59 pm Recieved ipsec sa delete from 68.88.230.254
9-26-2005 7:03:59 pm ESP-SA is deleted :algorID=esp
3des,mySPI=9089733C,peerSPI=A551DD12,time=450604,d st=68.88.230.254
9-26-2005 8:44:25 pm Start IPSEC SA 40A127E0 - Initiator****totSA=1
9-26-2005 8:44:25 pm src from IPsec
9-26-2005 8:44:25 pm 100201F4 0C207CA8
9-26-2005 8:44:25 pm dst from IPsec
9-26-2005 8:44:25 pm 100201F4 4458E6FE
9-26-2005 8:44:25 pm *Sending proxy ID type 4
172.21.100.200/255.255.255.255
9-26-2005 8:44:25 pm *Sending proxy ID type 4
150.128.101.28/255.255.255.255
9-26-2005 8:44:25 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:25 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=97CAC7C1,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:25 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:25 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:25 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:25 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:29 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:29 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=97CAC7C1,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:29 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:29 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:29 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:29 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:30 pm Start IPSEC SA 40A12360 - Initiator****totSA=2
9-26-2005 8:44:30 pm src from IPsec
9-26-2005 8:44:30 pm 100201F4 0C207CA8
9-26-2005 8:44:30 pm dst from IPsec
9-26-2005 8:44:30 pm 100201F4 4458E6FE
9-26-2005 8:44:30 pm *Sending proxy ID type 4
172.21.100.200/255.255.255.255
9-26-2005 8:44:30 pm *Sending proxy ID type 4
150.128.101.30/255.255.255.255
9-26-2005 8:44:30 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:30 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=B228C5AF,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:30 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:30 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:30 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:30 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:34 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:34 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=B228C5AF,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:34 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:34 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:34 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:34 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:36 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:36 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=97CAC7C1,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:36 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:36 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:36 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:36 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:41 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:41 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=B228C5AF,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:41 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:41 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:41 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:41 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:46 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:46 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=97CAC7C1,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:46 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:46 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:46 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:46 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:44:51 pm ***Send Quick Mode message to 68.88.230.254
9-26-2005 8:44:51 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=B228C5AF,1stPL=HASH-PAYLOAD,state=1188569976
9-26-2005 8:44:51 pm ***Receive Unacknowledge Informational message
from 68.88.230.254
9-26-2005 8:44:51 pm
I-COOKIE=B1935C65FCC63B22,R-COOKIE=C10BE1339720473B,MsgID=0,1stPL=NOTIFY-PAYLOAD,state=1188570028
9-26-2005 8:44:51 pm Recieved notify message type 4 from 68.88.230.254

9-26-2005 8:44:51 pm Notify Recvd :Packet could have corrupted on the
way ,retransmit to 68.88.230.254
9-26-2005 8:45:01 pm IKEQMTimeoutHandler: Packet retransmit exceeded
the limit! the SA will be deleted
9-26-2005 8:45:04 pm IKE-SA 42B77000 is
Deleted,I-COOKIE=B1935C65,R-COOKIE=C10BE133,dst=68.88.230.254
9-26-2005 8:45:04 pm State:3 Cond:4 TimerEvent:3
9-26-2005 8:45:04 pm lifetime :28800 sec Rekey Time :27360 sec
9-26-2005 8:45:04 pm Created at :432575 sec Remaining life time
:4668 sec Current time 456708
9-26-2005 8:45:04 pm ESP-SA is deleted :algorID=esp
3des,mySPI=312ABEF1,peerSPI=A74A730D,time=456708,d st=68.88.230.254
9-26-2005 8:45:04 pm ESP-SA is deleted :algorID=esp
3des,mySPI=233BB159,peerSPI=E3CE9E6E,time=456708,d st=68.88.230.254
9-26-2005 8:45:04 pm ESP-SA is deleted :algorID=esp
3des,mySPI=888D9A27,peerSPI=1C78FC2C,time=456708,d st=68.88.230.254

************************************************** ***************


I would like to know if someone has already experienced this kind of
issue and what can be done against it.

Thanks,

David.


--
dbertrand