Hi,
I have a BM3.8 doing a VPN tunnel with a Cisco concentrator. The tunnel
for some reason goes down pretty often, and takes from a few minutes to
more than an hour to reestablish by itself.

When it happens I receive a delete message from the Cisco like this
one:

10-17-2005 2:10:22 pm Start IPSEC SA 41FAB900 - Initiator****totSA=1
10-17-2005 2:10:22 pm src from IPsec
10-17-2005 2:10:22 pm 100201F4 0C207CA8
10-17-2005 2:10:22 pm dst from IPsec
10-17-2005 2:10:22 pm 100201F4 4458E6FE
10-17-2005 2:10:22 pm *Sending proxy ID type 4 172.21.10.19/255.255.255.255
10-17-2005 2:10:22 pm *Sending proxy ID type 4 150.128.101.30/255.255.255.255
10-17-2005 2:10:22 pm ***Send Quick Mode message to 68.88.230.254
10-17-2005 2:10:22 pm I-COOKIE=709DE30B4FCA4358,R-COOKIE=5268963F88A7BD98,MsgID=2D41B998,1stPL=HASH-PAYLOAD,state=1164067704
10-17-2005 2:10:22 pm ***Receive Quick Mode message from 68.88.230.254
10-17-2005 2:10:22 pm I-COOKIE=709DE30B4FCA4358,R-COOKIE=5268963F88A7BD98,MsgID=2D41B998,1stPL=HASH-PAYLOAD,state=1164067704
10-17-2005 2:10:22 pm Received (QM) proxy ID 172.21.10.19 - 150.128.101.30
10-17-2005 2:10:22 pm IPSE SA NEGOTIATION: Peer lifetime = 7200 My lifetime=7200
10-17-2005 2:10:22 pm Received (QM) proxy ID 172.21.10.19 - 150.128.101.30
10-17-2005 2:10:22 pm ***Send Quick Mode message to 68.88.230.254
10-17-2005 2:10:22 pm I-COOKIE=709DE30B4FCA4358,R-COOKIE=5268963F88A7BD98,MsgID=2D41B998,1stPL=HASH-PAYLOAD,state=1164067704
10-17-2005 2:10:22 pm ESP-SA is created:algorID=esp 3des,mySPI=75BB2E4D,peerSPI=41566645,time=271528 ,dst=68.88.230.254
10-17-2005 2:10:52 pm ***Receive Unacknowledge Informational message from 68.88.230.254
10-17-2005 2:10:52 pm I-COOKIE=709DE30B4FCA4358,R-COOKIE=5268963F88A7BD98,MsgID=780793AA,1stPL=HASH-PAYLOAD,state=1164067704
10-17-2005 2:10:52 pm Recieved ipsec sa delete from 68.88.230.254
10-17-2005 2:10:52 pm ESP-SA is deleted :algorID=esp 3des,mySPI=ACC7E5A2,peerSPI=B1C9E038,time=271557,dst=68.88.230.254

And on the CISCO side they have in their log something like this:

2005-10-17 13:49:48 Local7.Notice VPN Conc 1 380145535: 2005 Oct 17 13:57:45.150 CDT -5:00 %AUTH-5-23: RPT=82085: 12.32.124.168: User [12.32.124.168], Group [12.32.124.168] disconnected: duration: 6:00:32
2005-10-17 13:49:48 Local7.Notice VPN Conc 1 380145537: 2005 Oct 17 13:57:45.150 CDT -5:00 %AUTH-5-85: RPT=82061: LAN-to-LAN tunnel to headend device 12.32.124.168 disconnected: duration: 6:00:32


I asked them if they have any rule on their side that would trigger
this disconnection. They tell me no and ask me if there is a timer set
on BorderManager.
I don't have a lot of experience with BorderManager but it seems to me
that I can adjust only the rekey timers for IPSEC and IKE. They are set
to 2 hrs and 8 hrs; besides that I do not see anything.

I am seeking some help on this subject, and would like to know if
someone had the same experience.

Thanks in advance,

David.


--
dbertrand
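
Added example (not part of the original post): a small Python correlator for the BorderManager-side log format quoted above. It pairs each "ESP-SA is deleted" line with the "ESP-SA is created" line for the same SPI pair, so SA lifetimes and deletes that refer to an SA created outside the excerpt can be read off directly. The sample lines are constructed from the posted excerpt with wrapped lines rejoined, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: ESP-SA lines from the posted excerpt, wrapped lines
# rejoined. Function names below are hypothetical, not from any product.
SAMPLE = """\
10-17-2005 2:10:22 pm ESP-SA is created:algorID=esp 3des,mySPI=75BB2E4D,peerSPI=41566645,time=271528 ,dst=68.88.230.254
10-17-2005 2:10:52 pm Recieved ipsec sa delete from 68.88.230.254
10-17-2005 2:10:52 pm ESP-SA is deleted :algorID=esp 3des,mySPI=ACC7E5A2,peerSPI=B1C9E038,time=271557,dst=68.88.230.254
"""

EVENT = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{4} \d{1,2}:\d{2}:\d{2} [ap]m) "
    r"ESP-SA is (?P<kind>created|deleted)\s*:.*?"
    r"mySPI=(?P<my>[0-9A-F]{8}),peerSPI=(?P<peer>[0-9A-F]{8})"
    r".*?dst=(?P<dst>[\d.]+)"
)

def parse_events(text):
    """Yield (timestamp, kind, (mySPI, peerSPI), dst) for each ESP-SA line."""
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%m-%d-%Y %I:%M:%S %p")
            yield ts, m["kind"], (m["my"], m["peer"]), m["dst"]

def correlate(text):
    """Pair each delete with the create of the same SPI pair."""
    live, closed, unmatched = {}, [], []
    for ts, kind, spi, dst in parse_events(text):
        if kind == "created":
            live[spi] = ts                      # SA is up from this moment
        elif spi in live:
            closed.append((spi, dst, (ts - live.pop(spi)).total_seconds()))
        else:
            unmatched.append((spi, dst, ts))    # created before the excerpt
    return live, closed, unmatched

if __name__ == "__main__":
    live, closed, unmatched = correlate(SAMPLE)
    for spi, dst, secs in closed:
        print(f"SA {spi} to {dst} lived {secs:.0f}s")
    for spi, dst, ts in unmatched:
        print(f"delete for SA {spi} to {dst} at {ts}: no create in this excerpt")
    for spi, ts in live.items():
        print(f"SA {spi} created {ts} still up at end of excerpt")
```

Run over a full day's log rather than a short excerpt, the `closed` list shows whether SAs are being torn down at the negotiated lifetime or well before it.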