Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mtousignant
New Contributor

Created on ‎12-26-2015 02:17 PM

Weird IPsec issue: recv ISAKMP SA delete

Having trouble with one of our VPN tunnels. This seemed to work fine up until Christmas, the 24 hours key life expired, and now we can't seem to maintain a tunnel... it comes up but dies a few seconds later. 

 

Does anyone have any idea why? 

 

Settings

P1

edit "TD-1" set interface "wan1" set local-gw 66.46.223.126 set nattraversal disable set proposal 3des-sha1 set localid-type address set dpd disable set dhgrp 2 set remote-gw 142.205.208.6 set psksecret ENC XVVwFF9A7uExrGjTpyMPboRIh40o2kcyQMVyPF/eYNocChFX4+/6wzZeRHrdIvh6zO4UHmLud43yqX3JFZtYp8C2PDdbJ/DtPpdsOkpbXcbluLlJkXJX8AeBUUT8D5j9PIzp0uWa6xxp9mzW/ZpDtBqYCjI78WJJ+VkrZUunSKVDdJI7+3mxKrtaFcGBP/MVVleglA== set auto-negotiate disable next

 

Phase2

edit "TD-LB-9" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.7.1.0 255.255.255.0 set dst-subnet 142.205.9.0 255.255.255.0 next edit "TD-LB-136" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.7.1.0 255.255.255.0 set dst-subnet 142.205.136.0 255.255.255.0 next edit "TD-LB-134" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.7.1.0 255.255.255.0 set dst-subnet 142.205.134.0 255.255.255.0 next edit "TD-DMZ-9" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.20.40.0 255.255.255.0 set dst-subnet 142.205.9.0 255.255.255.0 next edit "TD-DMZ-136" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.20.40.0 255.255.255.0 set dst-subnet 142.205.136.0 255.255.255.0 next edit "TD-DMZ-134" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 10.20.40.0 255.255.255.0 set dst-subnet 142.205.134.0 255.255.255.0 next edit "TD-201-9" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 192.168.201.0 255.255.255.0 set dst-subnet 142.205.9.0 255.255.255.0 next edit "TD-201-136" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 192.168.201.0 255.255.255.0 set dst-subnet 142.205.136.0 255.255.255.0 next edit "TD-201-134" set phase1name "TD-1" set proposal 3des-sha1 set pfs disable set keepalive enable set keylifeseconds 7200 set src-subnet 192.168.201.0 255.255.255.0 set dst-subnet 142.205.134.0 255.255.255.0 next

 

 

Log:

ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Quick id=30e82628fbd2784a/56559c8df36b1a17:3d545aac len=172 ike 0: in 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000AC2E7FD27432D2338373F4DA72EBA5F524C35E621D78004AE802351091332260483089558047705856FF77F37228F9359ED38F52AFF7BF35AFB0F9DE29DC58A2AF9123AF587F797F6EB26B21E7256FC44538C64C46FA6C2CA969D1C8E2340B1BBBDD8689CDA102419324C6E3E3C7102043CC075FA27AE872CA72561A276654D5DB531007A709373865A9FBD5B8C8F36E76 ike 0:TD-1:544:1735: responder received first quick-mode message ike 0:TD-1:544: dec 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000AC01000018A26F73F7CCC598F86B983A9FFE36299D615A635A0A00003C00000001000000010000003001030401ECED5F8A000000240103000080040001800100018002708080010002000200040046500080050002050000185E591E7CA720BE45CE343F83FDCA334FA80017C405000010040000008ECD0900FFFFFF0000000010040000000A070100FFFFFF0000000000 ike 0:TD-1:544:1735: peer proposal is: peer:0:142.205.9.0-142.205.9.255:0, me:0:10.7.1.0-10.7.1.255:0 ike 0:TD-1:544:TD-201-134:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:192.168.201.0-192.168.201.255:0, remote=0:142.205.134.0-142.205.134.255:0 ike 0:TD-1:544:TD-201-136:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:192.168.201.0-192.168.201.255:0, remote=0:142.205.136.0-142.205.136.255:0 ike 0:TD-1:544:TD-201-9:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:192.168.201.0-192.168.201.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:TD-DMZ-134:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:10.20.40.0-10.20.40.255:0, remote=0:142.205.134.0-142.205.134.255:0 ike 0:TD-1:544:TD-DMZ-136:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:10.20.40.0-10.20.40.255:0, remote=0:142.205.136.0-142.205.136.255:0 ike 0:TD-1:544:TD-DMZ-9:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:10.20.40.0-10.20.40.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:TD-LB-134:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.134.0-142.205.134.255:0 ike 0:TD-1:544:TD-LB-136:1735: trying ike 0:TD-1:544:1735: specified selectors mismatch ike 0:TD-1:544:1735: peer: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:1735: mine: type=7/7, local=0:10.7.1.0-10.7.1.255:0, remote=0:142.205.136.0-142.205.136.255:0 ike 0:TD-1:544:TD-LB-9:1735: trying ike 0:TD-1:544:TD-LB-9:1735: matched phase2 ike 0:TD-1:544:TD-LB-9:1735: autokey ike 0:TD-1:544:TD-LB-9:1735: my proposal: ike 0:TD-1:544:TD-LB-9:1735: proposal id = 1: ike 0:TD-1:544:TD-LB-9:1735: protocol id = IPSEC_ESP: ike 0:TD-1:544:TD-LB-9:1735: trans_id = ESP_3DES ike 0:TD-1:544:TD-LB-9:1735: encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:TD-1:544:TD-LB-9:1735: type = AUTH_ALG, val=SHA1 ike 0:TD-1:544:TD-LB-9:1735: incoming proposal: ike 0:TD-1:544:TD-LB-9:1735: proposal id = 1: ike 0:TD-1:544:TD-LB-9:1735: protocol id = IPSEC_ESP: ike 0:TD-1:544:TD-LB-9:1735: trans_id = ESP_3DES ike 0:TD-1:544:TD-LB-9:1735: encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:TD-1:544:TD-LB-9:1735: type = AUTH_ALG, val=SHA1 ike 0:TD-1:544:TD-LB-9:1735: negotiation result ike 0:TD-1:544:TD-LB-9:1735: proposal id = 1: ike 0:TD-1:544:TD-LB-9:1735: protocol id = IPSEC_ESP: ike 0:TD-1:544:TD-LB-9:1735: trans_id = ESP_3DES ike 0:TD-1:544:TD-LB-9:1735: encapsulation = ENCAPSULATION_MODE_TUNNEL ike 0:TD-1:544:TD-LB-9:1735: type = AUTH_ALG, val=SHA1 ike 0:TD-1:544:TD-LB-9:1735: using tunnel mode.

Slightly later...

ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Quick id=30e82628fbd2784a/56559c8df36b1a17:ba283e5c len=172 ike 0: in 30E82628FBD2784A56559C8DF36B1A1708102001BA283E5C000000AC5482065A7AB4EA306CA6B024B4415FBC7632068160628E4223461EEB13E472970400F9DA4DEFCE1BD9921CD30A16E74C96D337D912F390C4FA1AFEB741F283C6CCCCEE6D58F62D4C1890362FAF7911A39B8CE6B3947D39E2D8C04042C2F053C66C6C01A21278879C9762AD03DC751DDFA0369303B3745EA35A3036D890344807797674CD88B2F6BB16CB45819020A8F4 ike 0:TD-1:544:TD-LB-9:1722: retransmission, re-send last message ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A1708102001BA283E5C000000C488050E70A9F77254D0123F8D2D938BB65C0AD1555156A55EF1B777230A161E00BEC953886467EC76B627CF06603AA7BF807A0813BD83A0EBE02707D59D9C7CDDDF14C79A54826D5C64798026996E4657A0F819F1CE640767B00C4A378BDC234EAE7086C536D6C9C84695008B67362DE932A3E5266CFB49A3C39505027CD71A8ADAF75BB270903A4226A1A55C4A509C36C7386CB1D1C5438D68EF4B500E5BDC7726E61E5C1B6D63A1 ike 0:TD-1:544: sent IKE msg (retransmit): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:ba283e5c ike 0:TD-1:544:TD-LB-9:1735: add RESPONDER-LIFETIME 7200 seconds ike 0:TD-1:544:TD-LB-9:1735: replay protection enabled ike 0:TD-1:544:TD-LB-9:1735: SA life soft seconds=7149. ike 0:TD-1:544:TD-LB-9:1735: SA life hard seconds=7200. ike 0:TD-1:544:TD-LB-9:1735: IPsec SA selectors #src=1 #dst=1 ike 0:TD-1:544:TD-LB-9:1735: src 0 7 0:10.7.1.0-10.7.1.255:0 ike 0:TD-1:544:TD-LB-9:1735: dst 0 7 0:142.205.9.0-142.205.9.255:0 ike 0:TD-1:544:TD-LB-9:1735: add IPsec SA: SPIs=011fdebc/eced5f8a ike 0:TD-1:544:TD-LB-9:1735: IPsec SA dec spi 011fdebc key 24:1617CD0545DE6232BBBC182B3677893A1C3E0EA0E89D9182 auth 20:ED51FB9CEAA2B9B3ED74440DF9FB5D071764AFC7 ike 0:TD-1:544:TD-LB-9:1735: IPsec SA enc spi eced5f8a key 24:12225FBC19FA08BAD93D44205E364AB4C3976394CEF64F37 auth 20:462B1204C2A584873953F455965141A0F9A84DF0 ike 0:TD-1:544:TD-LB-9:1735: added IPsec SA: SPIs=011fdebc/eced5f8a ike 0:TD-1:544: enc 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000C0010000180F472EA0E9FBF7CBB42658D792062ED651EA5ABD0A00003C00000001000000010000003001030401011FDEBC000000240103000080040001800100018002708080010002000200040046500080050002050000149C4F6C46DEA7C2EFB4E92372AE317F7C05000010040000008ECD0900FFFFFF000B000010040000000A070100FFFFFF000000001C0000000103046000011FDEBC800100010002000400001C20 ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000C4D2736661123CA84F21C7D0847D1965994F798692915476D9CA2E085DE91DDC51DA7D157C34208C109AE8ABF7C18C137A8B20DCB782F8E7FDDE80CCE2CD0B8758CF3C35F5E41AD415E3DC8B49F9039BC36FE3F5589134039941F0E05A3E198840FB884798B8F52BE29F11B96555E3E04DF3233C7CCE692E5404E2139900241E6007F3A6706E0248CBACCDAD972575A3F1B37E206255B26D12CD967272571F28DB9FA50E7986790495 ike 0:TD-1:544: sent IKE msg (quick_r1send): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:3d545aac ike 0:TD-1: link is idle 3 66.46.223.126->142.205.208.6:0 dpd=1 seqno=46 ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000C4D2736661123CA84F21C7D0847D1965994F798692915476D9CA2E085DE91DDC51DA7D157C34208C109AE8ABF7C18C137A8B20DCB782F8E7FDDE80CCE2CD0B8758CF3C35F5E41AD415E3DC8B49F9039BC36FE3F5589134039941F0E05A3E198840FB884798B8F52BE29F11B96555E3E04DF3233C7CCE692E5404E2139900241E6007F3A6706E0248CBACCDAD972575A3F1B37E206255B26D12CD967272571F28DB9FA50E7986790495 ike 0:TD-1:544: sent IKE msg (P2_RETRANSMIT): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:3d545aac ike 0: comes 199.68.179.138:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Informational id=dc4be19f4178f5ed/a985f98125a73abf:e1cd36b5 len=92 ike 0: in DC4BE19F4178F5EDA985F98125A73ABF08100501E1CD36B50000005C9F2FD9C8D66B927A7B848A8652C06981A847BC9BE230AC7EB6B7BB8B59FF2BBF5D02FBBE439120DC4CC4CC1DE6C6C9204E2743E75B5DDCFE8F6F616E15283F56 ike 0:TD-1: link is idle 3 66.46.223.126->142.205.208.6:0 dpd=1 seqno=47 ike 0:TD-1:544: send IKEv1 DPD probe, seqno 71 ike 0:TD-1:544: enc 30E82628FBD2784A56559C8DF36B1A170810050199BFD8E0000000540B0000181866D125916E3607938083AFF768ADCCE34CE4A3000000200000000101108D2830E82628FBD2784A56559C8DF36B1A1700000047 ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A170810050199BFD8E00000005C90280B367B96ED8CE2C462CC4B7F4E2F9EEEE0C05910551E5B20DA46A4E03F9A6C03E37C7ED08D71B4BB5BE4CAE07082932E2C7A7BD95E662043087C3125498B ike 0:TD-1:544: sent IKE msg (R-U-THERE): 66.46.223.126:500->142.205.208.6:500, len=92, id=30e82628fbd2784a/56559c8df36b1a17:99bfd8e0 ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Informational id=30e82628fbd2784a/56559c8df36b1a17:62e4ff7b len=92 ike 0: in 30E82628FBD2784A56559C8DF36B1A170810050162E4FF7B0000005C08F19E0EADAB92FF22963479FB295A6EB9B9646DFACF1C56ACDEC0B19C8CAA87E4D0FA040C43C202F18D7062CD76D7EA78F0D9BD42531C55B9D1CB72AA9E49BF ike 0:TD-1:544: dec 30E82628FBD2784A56559C8DF36B1A170810050162E4FF7B0000005C0B00001874855EEB882EB481C80BF0B59D26DCC74437DC87000000200000000101108D2930E82628FBD2784A56559C8DF36B1A17000000470000000000000000 ike 0:TD-1:544: notify msg received: R-U-THERE-ACK ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000C4D2736661123CA84F21C7D0847D1965994F798692915476D9CA2E085DE91DDC51DA7D157C34208C109AE8ABF7C18C137A8B20DCB782F8E7FDDE80CCE2CD0B8758CF3C35F5E41AD415E3DC8B49F9039BC36FE3F5589134039941F0E05A3E198840FB884798B8F52BE29F11B96555E3E04DF3233C7CCE692E5404E2139900241E6007F3A6706E0248CBACCDAD972575A3F1B37E206255B26D12CD967272571F28DB9FA50E7986790495 ike 0:TD-1:544: sent IKE msg (P2_RETRANSMIT): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:3d545aac ike 0: comes 74.111.26.108:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Informational id=019779abc83cc38d/5cf295077b1b706a:52e0c47a len=92 ike 0: in 019779ABC83CC38D5CF295077B1B706A0810050152E0C47A0000005CE199A471DDFABD9DA87D497B0BC8CE09DB80EC2FFCB68FA73B77D6260147FDF37456AE02FBC6D0756D3756F6CB3027B3EA3DE7DE59E66868B8C10456561381E6 ike 0: IKEv1 exchange=Informational id=dc4be19f4178f5ed/a985f98125a73abf:f2b82aae len=92 ike 0: in DC4BE19F4178F5EDA985F98125A73ABF08100501F2B82AAE0000005C329EE13F6E97546BDC8ACE01AD491A6B757F5C64005B86C91ADB90F793427DA63636A9C9726BAD89379673C0ADE959FDD393B2B05F77F34E0D5EE5175A7F1B46 ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Quick id=30e82628fbd2784a/56559c8df36b1a17:3d545aac len=172 ike 0: in 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000AC2E7FD27432D2338373F4DA72EBA5F524C35E621D78004AE802351091332260483089558047705856FF77F37228F9359ED38F52AFF7BF35AFB0F9DE29DC58A2AF9123AF587F797F6EB26B21E7256FC44538C64C46FA6C2CA969D1C8E2340B1BBBDD8689CDA102419324C6E3E3C7102043CC075FA27AE872CA72561A276654D5DB531007A709373865A9FBD5B8C8F36E76 ike 0:TD-1:544:TD-LB-9:1735: retransmission, re-send last message ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A17081020013D545AAC000000C4D2736661123CA84F21C7D0847D1965994F798692915476D9CA2E085DE91DDC51DA7D157C34208C109AE8ABF7C18C137A8B20DCB782F8E7FDDE80CCE2CD0B8758CF3C35F5E41AD415E3DC8B49F9039BC36FE3F5589134039941F0E05A3E198840FB884798B8F52BE29F11B96555E3E04DF3233C7CCE692E5404E2139900241E6007F3A6706E0248CBACCDAD972575A3F1B37E206255B26D12CD967272571F28DB9FA50E7986790495 ike 0:TD-1:544: sent IKE msg (retransmit): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:3d545aac ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Quick id=30e82628fbd2784a/56559c8df36b1a17:ba283e5c len=172 ike 0: in 30E82628FBD2784A56559C8DF36B1A1708102001BA283E5C000000AC5482065A7AB4EA306CA6B024B4415FBC7632068160628E4223461EEB13E472970400F9DA4DEFCE1BD9921CD30A16E74C96D337D912F390C4FA1AFEB741F283C6CCCCEE6D58F62D4C1890362FAF7911A39B8CE6B3947D39E2D8C04042C2F053C66C6C01A21278879C9762AD03DC751DDFA0369303B3745EA35A3036D890344807797674CD88B2F6BB16CB45819020A8F4 ike 0:TD-1:544:TD-LB-9:1722: retransmission, re-send last message ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A1708102001BA283E5C000000C488050E70A9F77254D0123F8D2D938BB65C0AD1555156A55EF1B777230A161E00BEC953886467EC76B627CF06603AA7BF807A0813BD83A0EBE02707D59D9C7CDDDF14C79A54826D5C64798026996E4657A0F819F1CE640767B00C4A378BDC234EAE7086C536D6C9C84695008B67362DE932A3E5266CFB49A3C39505027CD71A8ADAF75BB270903A4226A1A55C4A509C36C7386CB1D1C5438D68EF4B500E5BDC7726E61E5C1B6D63A1 ike 0:TD-1:544: sent IKE msg (retransmit): 66.46.223.126:500->142.205.208.6:500, len=196, id=30e82628fbd2784a/56559c8df36b1a17:ba283e5c ike 0:TD-1: link is idle 3 66.46.223.126->142.205.208.6:0 dpd=1 seqno=48 ike 0:TD-1:544: send IKEv1 DPD probe, seqno 72 ike 0:TD-1:544: enc 30E82628FBD2784A56559C8DF36B1A170810050135B43BD2000000540B0000184F24842764A07AE09579250ECB9F5C214359E228000000200000000101108D2830E82628FBD2784A56559C8DF36B1A1700000048 ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A170810050135B43BD20000005C0B6943AE9CBE02068BD4B9538F40DA873A25B8FD6DE4DFAE5B47CA069DA0DEE36D884378ACE8C79F14BB0DDA993E89B597EBE6A00278BD0D5AA78D4020166C5C ike 0:TD-1:544: sent IKE msg (R-U-THERE): 66.46.223.126:500->142.205.208.6:500, len=92, id=30e82628fbd2784a/56559c8df36b1a17:35b43bd2

ike 0: comes 142.205.208.6:500->66.46.223.126:500,ifindex=3.... ike 0: IKEv1 exchange=Informational id=30e82628fbd2784a/56559c8df36b1a17:71f6e729 len=84 ike 0: in 30E82628FBD2784A56559C8DF36B1A170810050171F6E72900000054431B9C42C28B408AD21012DC4A08B8D1953B13C978B93F6588CD8F869B3DD33A49799738C1015DA453C9249FFA275BC17EA15A2F507BA8EC ike 0:TD-1:544: dec 30E82628FBD2784A56559C8DF36B1A170810050171F6E729000000540C000018A214BFDB40DB294FDF9C33E1F9A40528ECB88EA40000001C000000010110000130E82628FBD2784A56559C8DF36B1A1700000000 ike 0:TD-1:544: recv ISAKMP SA delete 30e82628fbd2784a/56559c8df36b1a17 ike 0:TD-1: deleting ike 0:TD-1: flushing ike 0:TD-1:544: send IPsec SA delete, spi 11fdeb9 ike 0:TD-1:544: enc 30E82628FBD2784A56559C8DF36B1A1708100501F7FBEB86000000440C00001876D1925CAF7796FA3AE7FE7171ADEE9A9B4AF0A0000000100000000103040001011FDEB9 ike 0:TD-1:544: out 30E82628FBD2784A56559C8DF36B1A1708100501F7FBEB860000004C4879B48BF64B2F319F3456A87DCF4610E7A4D8968E5EFEF8C58D187DF200ABE6680EF4191901C987587FA85D39A78E75 ike 0:TD-1:544: sent IKE msg (IPsec SA_DELETE-NOTIFY): 66.46.223.126:500->142.205.208.6:500, len=76, id=30e82628fbd2784a/56559c8df36b1a17:f7fbeb86 ike 0:TD-1:TD-DMZ-9: sending SNMP tunnel DOWN trap ike 0:TD-1:TD-LB-9: sending SNMP tunnel DOWN trap ike 0:TD-1: flushed ike 0:TD-1:544: HA send IKE SA del 30e82628fbd2784a/56559c8df36b1a17 ike 0:TD-1: deleted ike 0:TD-1: set oper down ike 0: unknown SPI 011fdeb9 3 142.205.208.6:0->66.46.223.126

5183
0 Kudos
1 REPLY 1
emnoc
Esteemed Contributor III

Created on ‎12-26-2015 06:53 PM

specified selectors mismatch

 

Have the src/dst ipv4 subnet changed?

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1710
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.