On 3/26/2010 1:23 PM, Nate Gagne wrote:
> Client version 2.1.5 on Windows 7 Pro x64, connecting to an ASA 5505
> 8.2(1). The tunnel is established, and everything is great for ~15
> minutes. After that, even with traffic flowing through the tunnel, it
> disconnects. I’ve tried with DPD enabled and disabled, it doesn’t make a
> difference.
>
> Here’s a snippet of the debug log, followed by the relevant ASA config:
> ...
> 10/03/26 14:12:50 <- : recv NAT-T:IKE packet [REDACTED]:4500 -> 192.168.16.35:4500 ( 84 bytes )
> 10/03/26 14:12:50 DB : phase1 found
> 10/03/26 14:12:50 ii : processing informational packet ( 84 bytes )
> 10/03/26 14:12:50 == : new informational iv ( 8 bytes )
> 10/03/26 14:12:50 =< : cookies 3a603904b57b73db:b0b5f4400d195220
> 10/03/26 14:12:50 =< : message ffc28f81
> 10/03/26 14:12:50 =< : decrypt iv ( 8 bytes )
> 10/03/26 14:12:50 == : decrypt packet ( 84 bytes )
> 10/03/26 14:12:50 <= : trimmed packet padding ( 4 bytes )
> 10/03/26 14:12:50 <= : stored iv ( 8 bytes )
> 10/03/26 14:12:50 << : hash payload
> 10/03/26 14:12:50 << : delete payload
> 10/03/26 14:12:50 == : informational hash_i ( computed ) ( 20 bytes )
> 10/03/26 14:12:50 == : informational hash_c ( received ) ( 20 bytes )
> 10/03/26 14:12:50 ii : informational hash verified
> 10/03/26 14:12:50 ii : received peer DELETE message
> 10/03/26 14:12:50 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
> 10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
> 10/03/26 14:12:50 DB : phase1 found
> 10/03/26 14:12:50 ii : cleanup, marked phase1 3a603904b57b73db:b0b5f4400d195220 for removal
> 10/03/26 14:12:50 DB : phase1 soft event canceled ( ref count = 4 )
> 10/03/26 14:12:50 DB : phase1 hard event canceled ( ref count = 3 )
> 10/03/26 14:12:50 DB : phase1 dead event canceled ( ref count = 2 )
> 10/03/26 14:12:50 DB : config deleted ( obj count = 0 )
> 10/03/26 14:12:50 ii : phase1 removal before expire time
> 10/03/26 14:12:50 DB : phase1 not found
> 10/03/26 14:12:50 DB : phase1 deleted ( obj count = 0 )
> 10/03/26 14:12:50 DB : policy found
> 10/03/26 14:12:50 ii : removing IPSEC INBOUND policy ANY:192.168.0.0/24:* -> ANY:192.168.20.12:*
> 10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:50 DB : policy found
> 10/03/26 14:12:50 ii : removing IPSEC OUTBOUND policy ANY:192.168.20.12:* -> ANY:192.168.0.0/24:*
> 10/03/26 14:12:50 K> : send pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:50 K< : recv pfkey DELETE ESP message
> 10/03/26 14:12:50 ii : removed IPSEC policy route for ANY:192.168.0.0/24:*
> 10/03/26 14:12:51 K< : recv pfkey DELETE ESP message
> 10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:51 DB : policy found
> 10/03/26 14:12:51 DB : policy deleted ( obj count = 1 )
> 10/03/26 14:12:51 K< : recv pfkey X_SPDDELETE2 UNSPEC message
> 10/03/26 14:12:51 DB : policy found
> 10/03/26 14:12:51 DB : policy deleted ( obj count = 0 )
> 10/03/26 14:12:51 ii : disabled adapter ROOT\VNET\0000
> 10/03/26 14:12:51 DB : tunnel dpd event canceled ( ref count = 3 )
> 10/03/26 14:12:51 DB : tunnel natt event canceled ( ref count = 2 )
> 10/03/26 14:12:51 DB : tunnel stats event canceled ( ref count = 1 )
> 10/03/26 14:12:51 DB : removing tunnel config references
> 10/03/26 14:12:51 DB : removing tunnel phase2 references
> 10/03/26 14:12:51 DB : removing tunnel phase1 references
> 10/03/26 14:12:51 DB : tunnel deleted ( obj count = 0 )
> 10/03/26 14:12:51 DB : removing all peer tunnel refrences
> 10/03/26 14:12:51 DB : peer deleted ( obj count = 0 )
> 10/03/26 14:12:51 ii : ipc client process thread exit ...

The gateway is sending a delete message for the ISAKMP SA which kills the tunnel. Do you have access to the gateway log files to determine why it is sending this?

-Matthew

_______________________________________________
vpn-help mailing list
http://lists.shrew.net/mailman/listinfo/vpn-help
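
To confirm from the client log alone that a teardown came from the gateway, the following added example (not part of the original thread, and not Shrew Soft code) scans iked debug output for peer DELETE notifications and records whether the informational hash was verified first, that is, whether the delete was authenticated under the ISAKMP SA. The function name `find_peer_deletes` is hypothetical and the sample input is constructed from lines quoted above.

```python
import re

# Constructed sample: a subset of the debug log lines quoted in the thread.
SAMPLE_LOG = """\
10/03/26 14:12:50 ii : processing informational packet ( 84 bytes )
10/03/26 14:12:50 << : hash payload
10/03/26 14:12:50 << : delete payload
10/03/26 14:12:50 ii : informational hash verified
10/03/26 14:12:50 ii : received peer DELETE message
10/03/26 14:12:50 ii : - [REDACTED]:4500 -> 192.168.16.35:4500
10/03/26 14:12:50 ii : - isakmp spi = 3a603904b57b73db:b0b5f4400d195220
10/03/26 14:12:50 ii : phase1 removal before expire time
"""

# "<date> <time> <tag> : <message>", as the log lines above are laid out.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\S+) : (.*)$")


def find_peer_deletes(log_text):
    """Return one dict per peer-initiated DELETE found in the log text."""
    events, current, hash_ok = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines and blanks are skipped
        stamp, _tag, msg = m.groups()
        if msg.startswith("processing informational packet"):
            # Each informational packet is judged on its own hash check.
            current, hash_ok = None, False
        elif msg == "informational hash verified":
            hash_ok = True
        elif msg == "received peer DELETE message":
            current = {"time": stamp, "authenticated": hash_ok,
                       "spi": None, "before_expiry": False}
            events.append(current)
        elif current and msg.startswith("- isakmp spi = "):
            current["spi"] = msg.split("= ", 1)[1]
        elif current and msg == "phase1 removal before expire time":
            current["before_expiry"] = True
    return events


if __name__ == "__main__":
    for event in find_peer_deletes(SAMPLE_LOG):
        print(event)
```

An event with `authenticated` set and `before_expiry` set matches the case in this thread: a verified delete from the gateway ahead of the negotiated lifetime, so the reason has to be found in the gateway's own logs.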
