[vpn-help] Phase 2 Rekeying

John Sayce jsayce at asdlighting.com
Thu Feb 28 01:53:57 CST 2013


My problem seems roughly similar to this one https://lists.shrew.net/pipermail/vpn-help/2012-April/013833.html

I have a dial up vpn that is connecting to a Juniper SSG-140.  The initial connection is fine and all works as expect until the phase two key time limit expires.  The time limit is currently set to 3600 seconds.  At 2880 seconds (48 minutes)a new SA is established and my connection fails.  At the point where the connection fails, I cannot simply disconnect and reconnect.  I have to wait for about half an hour before reconnecting.  I guess it would make sense if I had to wait an additional 48 minutes.  I don't have the exact figures for this.

I've attached the config for the firewall and client.  And I've attached the debug log from the client and the "debug ike detail" output from the firewall.

I've tried to trip part of the firewall log as I have multiple vpn connections.

Thanks

John Sayce

______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com
______________________________________________________________________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130228/580ecb69/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Firewall Config.txt
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130228/580ecb69/attachment-0002.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Firewall Log.log
Type: application/octet-stream
Size: 43545 bytes
Desc: Firewall Log.log
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130228/580ecb69/attachment-0002.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Shrew Client Config.vpn.vpn
Type: application/octet-stream
Size: 1052 bytes
Desc: Shrew Client Config.vpn.vpn
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130228/580ecb69/attachment-0003.obj>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Shrew Client Log.txt
URL: <http://lists.shrew.net/pipermail/vpn-help/attachments/20130228/580ecb69/attachment-0003.txt>


More information about the vpn-help mailing list