ipsec failure: no connection is known for


#1

Hi,

I'm running into this weird issue. The tunnel is established and it is running very smoothly. But once a week the tunnel goes down, showing this failure in the logs:
"cannot respond to IPsec SA request because no connection is known for 192.168.112.1/32===88.195.155.144[88.195.155.144]…13.138.47.123[13.138.47.123]===192.168.201.254/32"

This message means that I have set up a wrong subnet on one site, because site A is expecting another subnet from site B, or the other way around.
But I checked everything. The subnet is the right one, /24. So why is that problem appearing?

Is this a bug?

After reset vpn ipsec-peer everything is OK, until it happens again.

Here is the VPN config:

authentication {
    mode pre-shared-secret
    pre-shared-secret ***************
}
connection-type initiate
default-esp-group phase-2
description VPN-Site
ike-group phase-1
ikev2-reauth inherit
local-address *************
tunnel 1 {
    allow-nat-networks disable
    allow-public-networks disable
    esp-group phase-2
    local {
        prefix 192.168.112.0/24
    }
    remote {
        prefix 192.168.201.0/24
    }
}
tunnel 2 {
    allow-nat-networks disable
    allow-public-networks disable
    esp-group phase-2
    local {
        prefix 192.168.112.0/24
    }
    remote {
        prefix 10.10.201.0/24
    }
}

Here is the VPN log:
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #268: sending encrypted notification INVALID_ID_INFORMATION to 13.138.47.123:500
Feb 10 07:36:51 srv-ngrouter pluto[3593]: packet from 13.138.47.123:500: ignoring Vendor ID payload [0048e2271bea8395ed772d343cc2a076]
Feb 10 07:36:51 srv-ngrouter pluto[3593]: packet from 13.138.47.123:500: ignoring Vendor ID payload [5cbeb299eb825a7d7a2eb495905db061]
Feb 10 07:36:51 srv-ngrouter pluto[3593]: packet from 13.138.47.123:500: received Vendor ID payload [XAUTH]
Feb 10 07:36:51 srv-ngrouter pluto[3593]: packet from 13.138.47.123:500: received Vendor ID payload [Dead Peer Detection]
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: responding to Main Mode
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: Peer ID is ID_IPV4_ADDR: '13.138.47.123'
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: sent MR3, ISAKMP SA established
Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: cannot respond to IPsec SA request because no connection is known for 192.168.112.1/32===88.195.155.144[88.195.155.144]…13.138.47.123[13.138.47.123]===192.168.201.254/32
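
A way to compare the selectors in the rejected IPsec SA request with the configured tunnel prefixes, as an added example that is not part of the original post. The function names, the `CONFIGURED` table and the three-dot separator in the sample line are assumptions built from the config and log shown above.

```python
import ipaddress
import re

# Tunnel prefixes (local, remote) as they appear in the posted config.
CONFIGURED = {
    "tunnel 1": ("192.168.112.0/24", "192.168.201.0/24"),
    "tunnel 2": ("192.168.112.0/24", "10.10.201.0/24"),
}

# Log message taken from the post. Layout of the selector string:
# local_net===local_gw[id]<separator>remote_gw[id]===remote_net
SAMPLE_LOG = (
    'Feb 10 07:36:51 srv-ngrouter pluto[3593]: "peer-13.138.47.123-tunnel-2" #269: '
    "cannot respond to IPsec SA request because no connection is known for "
    "192.168.112.1/32===88.195.155.144[88.195.155.144]...13.138.47.123"
    "[13.138.47.123]===192.168.201.254/32"
)

# Only the two networks are captured; the gateway part in between is skipped.
PATTERN = re.compile(
    r"no connection is known for\s+(?P<local>[\d.]+/\d+)===.*===(?P<remote>[\d.]+/\d+)")


def proposed_selectors(line):
    """Return (local_net, remote_net) requested by the peer, or None."""
    m = PATTERN.search(line)
    if not m:
        return None
    return (ipaddress.ip_network(m["local"]), ipaddress.ip_network(m["remote"]))


def classify(line, configured=CONFIGURED):
    """Compare the requested selectors with every configured tunnel."""
    sel = proposed_selectors(line)
    if sel is None:
        return {}
    result = {}
    for name, (loc, rem) in configured.items():
        cfg = (ipaddress.ip_network(loc), ipaddress.ip_network(rem))
        if sel == cfg:
            result[name] = "exact"
        elif sel[0].subnet_of(cfg[0]) and sel[1].subnet_of(cfg[1]):
            result[name] = "narrower"  # inside the prefixes, but not equal
        else:
            result[name] = "mismatch"
    return result


if __name__ == "__main__":
    print(classify(SAMPLE_LOG))
```

For the log line in the post this reports `narrower` for tunnel 1: the request carries /32 host selectors that lie inside the configured /24 prefixes rather than the /24 pair itself.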