
IKEV2 to Cisco rekeying every 11 seconds

0 votes
Hi All:

I am terminating IKEV2 IPSec tunnels with a Cisco ISR4431 and WR21 routers.
This is the WR21 event log:
12:38:44, 15 Oct 2020,(7) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
12:38:33, 15 Oct 2020,(7) IKEv2 Negotiation completed pe,Responder
12:38:33, 15 Oct 2020,(7) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
12:38:23, 15 Oct 2020,(7) IKEv2 Negotiation completed pe,Responder
12:38:23, 15 Oct 2020,(7) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
12:38:12, 15 Oct 2020,(7) IKEv2 Negotiation completed pe,Responder
12:38:12, 15 Oct 2020,(7) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
12:38:02, 15 Oct 2020,(7) IKEv2 Negotiation completed pe,Initiator

The WR21 is initiating a rekeying every 11 seconds.

How do I stop this?
I have set the rekey interval for IKEv2 and IPSec on the Cisco at 14400 seconds and disabled rekeying on bytes transferred....so I know it's not the Cisco doing this.

On WR21 I have set the IKEV2 to renegotiate after 4 hours and rekey after 2 hours....
But as you can see above, it's doing it every 11 seconds.

Any tips on how I can get the WR21 to stop asking for the rekeying so often?


Model: WR21
Part Number: WR21-M72B-DE1-SB
Ethernet 0 MAC Address: 00:04:2d:0e:20:28
Serial: 925736

Firmware Version: 8.2.0.2 (Aug 20 2020 17:00:53)
SBIOS Version: 7.67u
Build Version: WW
HW Version: 1207a

Cheers,
John
asked Oct 15 in Digi TransPort Cellular by jserink Community Contributor (66 points)


2 Answers

0 votes
So this continues to be an issue.
I have 20 WR21 units deployed and they are all doing this:
11:48:31, 20 Oct 2020,(28) IKEv2 Negotiation completed pe,Responder
11:48:31, 20 Oct 2020,(28) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:48:23, 20 Oct 2020,(29) IKEv2 Negotiation completed pe,Responder
11:48:23, 20 Oct 2020,(29) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:48:21, 20 Oct 2020,(28) IKEv2 Negotiation completed pe,Responder
11:48:21, 20 Oct 2020,(28) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:48:12, 20 Oct 2020,(29) IKEv2 Negotiation completed pe,Responder
11:48:12, 20 Oct 2020,(29) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:48:10, 20 Oct 2020,(28) IKEv2 Negotiation completed pe,Responder
11:48:10, 20 Oct 2020,(28) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:48:02, 20 Oct 2020,(29) IKEv2 Negotiation completed pe,Responder
11:48:02, 20 Oct 2020,(29) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)
11:47:59, 20 Oct 2020,(28) IKEv2 Negotiation completed pe,Responder
11:47:59, 20 Oct 2020,(28) New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)


I'd like some advice on how/why this is happening and a workaround to stop it.
The Cisco debug doesn't show anything about this, so I am wondering what the WR21 is on about.

Cheers,
john
answered Oct 20 by jserink Community Contributor (66 points)
Ok, I have confirmed that the Event log messages are generated from dpd messages sent from the Cisco.
I have confirmed this by changing the Cisco settings and it was reflected in the WR21 event log.

So, how can I set up the event log to ignore those messages?

Cheers,
John
0 votes
Ok, so.....
The messages I want to filter are:
174-1, IKEv2 Negotiation completed pe,Responder
173-1, New IKEv2 Negotiation peer 103.205.244.106,Responder (Info)

Do I have those correct?

To filter these I use:
event 0 ev_filter 174,1
event 0 ev_filter 173,1

But neither of those worked.
I don't want to filter all the 174 messages, just the 174,1....similar to the 173.

Is there any way to do that?

There is another issue at play here.....
Why is the Digi lodging a DPD message from the Cisco as a "Negotiation Completed" event when it's just a DPD message?



Cheers,
john
answered Oct 20 by jserink Community Contributor (66 points)
...