Home/Support/Support Forum/IPSec vpn tunnel down
Welcome to Digi Forum, where you can ask questions and receive answers from other members of the community.

IPSec vpn tunnel down

0 votes
Hi,

i am having a problem with ipsec on wr21 with combination of vpn concentrator VC74.

I have set to bring tunnel up whenever route is available and to renew tunnel after 8 hours.

Daily some of wr21 have tunnel down, and not renewed.

This is logs.

07:04:12, 07 Aug 2019,(3424) IKE Keys Negotiated. Peer: co214vpn
07:04:12, 07 Aug 2019,(3424) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:04:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:04:02, 07 Aug 2019,(3421) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:04:02, 07 Aug 2019,(3422) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:04:02, 07 Aug 2019,(3422) IKE Negotiation Failed. Peer: ,Inactivity
07:04:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:32, 07 Aug 2019,(3422) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:03:32, 07 Aug 2019,(3421) IKE Keys Negotiated. Peer: co214vpn
07:03:32, 07 Aug 2019,(3421) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:03:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:22, 07 Aug 2019,(3418) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:03:22, 07 Aug 2019,(3419) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:03:22, 07 Aug 2019,(3419) IKE Negotiation Failed. Peer: ,Inactivity
07:03:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:03:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:52, 07 Aug 2019,(3419) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:52, 07 Aug 2019,(3418) IKE Keys Negotiated. Peer: co214vpn
07:02:52, 07 Aug 2019,(3418) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:42, 07 Aug 2019,(3415) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:42, 07 Aug 2019,(3416) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:42, 07 Aug 2019,(3416) IKE Negotiation Failed. Peer: ,Inactivity
07:02:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:12, 07 Aug 2019,(3416) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:12, 07 Aug 2019,(3415) IKE Keys Negotiated. Peer: co214vpn
07:02:12, 07 Aug 2019,(3415) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:02:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:02:02, 07 Aug 2019,(3412) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:02, 07 Aug 2019,(3413) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:02:02, 07 Aug 2019,(3413) IKE Negotiation Failed. Peer: ,Inactivity
07:02:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:42, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:32, 07 Aug 2019,(3413) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:01:32, 07 Aug 2019,(3412) IKE Keys Negotiated. Peer: co214vpn
07:01:32, 07 Aug 2019,(3412) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:01:32, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:22, 07 Aug 2019,(3409) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:01:22, 07 Aug 2019,(3410) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:01:22, 07 Aug 2019,(3410) IKE Negotiation Failed. Peer: ,Inactivity
07:01:22, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:12, 07 Aug 2019,IKE Request Received From Eroute 0
07:01:02, 07 Aug 2019,IKE Request Received From Eroute 0
07:00:52, 07 Aug 2019,(3410) New Phase 2 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:00:52, 07 Aug 2019,(3409) IKE Keys Negotiated. Peer: co214vpn
07:00:52, 07 Aug 2019,(3409) New Phase 1 IKE Session PUBLIC IP OF VPN CONCENTRATOR,Initiator
07:00:52, 07 Aug 2019,IKE Request Received From Eroute 0
07:00:42, 07 Aug 2019,(3406) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:00:42, 07 Aug 2019,(3407) IKE SA Removed. Peer: co214vpn,Negotiation Failure
07:00:42, 07 Aug 2019,(3407) IKE Negotiation Failed. Peer: ,Inactivity



after restart of wr21 it gets connected VPN tunnel.
asked Aug 7, 2019 in Digi TransPort Cellular by iadamovic New to the Community (5 points)

Please log in or register to answer this question.

2 Answers

0 votes
Hello!

It looks like it's hitting the Deed Peer Detection (DPD) timeout and is closing negotiation. Try extending out the DPD timers.

Under Configuration - Network > Virtual Private Networking (VPN) > IPsec > Dead Peer Detection (DPD)
answered Dec 19, 2019 by jpaczkowski Community Contributor (52 points)
0 votes
Hi,
Based on the time stamps and events, it looks like the VC74 is not responding to the WR21's IKE negotiation, or, the IKE response is not getting to the VC74, or, the response is not getting back to the WR. You should check the logs and debug on the VC74.

Kind regards,
Ben - Digi Support
answered Jan 7 by bengartland Community Contributor (62 points)
...