Friday, June 01, 2007

firewall-wizards Digest, Vol 14, Issue 2

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Cisco VPN reconnection every 23 minutes (ditribar)
2. Re: Cisco VPN reconnection every 23 minutes (Prabhu Gurumurthy)


----------------------------------------------------------------------

Message: 1
Date: Fri, 01 Jun 2007 18:48:35 +0200
From: "ditribar" <ditribar@gmx.de>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <20070601164835.321050@gmx.net>
Content-Type: text/plain; charset="us-ascii"

Thank you for the reply,

the rekeying duration issue has been solved but the main problem still remains. About every 23 minutes the tunnel gets reconnected.

How can I figure out what the reason for this is (User request seems not adequate)?

Here is a fresh log:

2007-06-01T17:17:19+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-06-01T17:17:20+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-06-01T17:17:20+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T17:17:21+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x095f6107, Outbound SPI = 0xba436260
2007-06-01T17:17:21+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=16100297)


2007-06-01T17:40:20+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-06-01T17:40:20+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:00s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested
2007-06-01T17:40:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-06-01T17:40:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-06-01T17:40:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T17:40:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x5ee13a8c, Outbound SPI = 0x47be5c1b
2007-06-01T17:40:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fac746f6)


2007-06-01T18:03:38+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-06-01T18:03:38+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:22m:58s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested
2007-06-01T18:03:59+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-06-01T18:04:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-06-01T18:04:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T18:04:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x65cbc57a, Outbound SPI = 0x49903ef4
2007-06-01T18:04:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=00fccb39)


2007-06-01T18:27:23+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-06-01T18:27:23+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:23s, Bytes xmt: 0, Bytes rcv: 2580, Reason: User Requested
2007-06-01T18:27:40+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-06-01T18:27:41+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-06-01T18:27:41+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-06-01T18:27:42+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x591f6a2d, Outbound SPI = 0x30a6f800
2007-06-01T18:27:42+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=37df88b5)


Any ideas?

-------- Original Message --------
Date: Thu, 31 May 2007 13:25:52 -0500
From: Paul Murphy <Paul_Murphy@fd.org>
To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes

> Have you checked your rekey duration on both sides? It looks like one peer
> has a considerably shorter rekey value.
>
> Thanks,
>
> Paul Murphy
>
> ditribar@gmx.de
> Sent by: firewall-wizards-bounces@listserv.icsalabs.com
> 05/31/2007 12:24 PM
> Please respond to: Firewall Wizards Security Mailing List
> <firewall-wizards@listserv.icsalabs.com>
> To: firewall-wizards@honor.icsalabs.com
> cc:
> Subject: [fw-wiz] Cisco VPN reconnection every 23 minutes
>
> can anybody help me to solve the following problem?
>
> A VPN Tunnel is established and working so far, but the connection gets
> reconnected about every 23 minutes.
>
> Here are some logs of what's happening on PEER1 (AAA.BBB.CCC.DDD) (CISCO
> ASA 5500):
>
> Peer connect
>
> 2007-05-31T17:30:08+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP, Crypto map (outside_map)
> 2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x8d72d873,
> Outbound SPI = 0xee7d09b6
> 2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=2a2a6615)
>
> Peer disconnect again
>
> 2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
> 2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s,
> Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
> 2007-05-31T17:53:58+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP, Crypto map (outside_map)
> 2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x695fe990,
> Outbound SPI = 0x792e9c57
> 2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=b6a126bc)
>
> Manual disconnect
>
> 2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s,
> Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
> 2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP. Reason: Administrator Reset Remote Proxy REMOTE_LAN_IP,
> Local Proxy LOCAL_PROXY_IP
> 2007-05-31T18:00:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP, Crypto map (outside_map)
> 2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x6bccacec,
> Outbound SPI = 0x7a216c5f
> 2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fe0bd283)
>
> Peer disconnect again
>
> 2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
> REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
> 2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
> Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
> Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s,
> Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
> 2007-05-31T18:25:52+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
> REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
> REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
> REMOTE_LAN_IP, Crypto map (outside_map)
> 2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
> Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
> memory for authorization-dn-attributes
> 2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
> REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
> rekeying duration from 28800 to 3600 seconds
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
> LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0xba41c143,
> Outbound SPI = 0xb16e5642
> 2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120:
> Group
> = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=c825a866)
>
> ..... disconnect occurs about every 23 minutes
>
>
> Any ideas?
>
> Kind regards
>
> ditribar


------------------------------

Message: 2
Date: Fri, 01 Jun 2007 11:57:46 -0700
From: Prabhu Gurumurthy <pgurumu@gmail.com>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <46606C2A.1090606@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On IPSec negotiation, the rekey is based on lifetime or bytes. When negotiation
takes place, the lowest value is always used. So it does not matter if one is
higher than the other; the negotiation does not have to agree on the
lifetime/byte values.

Are you running IPSec VPN with UDP encapsulation?
I have seen problems with them, because some SOHO firewalls like Netgear etc.
treat them as UDP connections and close the state after a predetermined amount
of time.

The way that you can see is if you run tcpdump/ethereal; you will see a heck of
a lot of UDP packets going between the client and the VPN concentrator.

If that is the case, two ways to fix it:

1. Disable SPI on the SOHO router/firewall (very bad, not recommended)
2. Disable UDP encapsulation and enable ESP to flow, i.e. you will see protocol
50 for the IP header, instead of protocol 17; all newer routers/firewalls allow
them through.

Can you forward crypto config from the Cisco VPN concentrator?

Hope this helps.
Prabhu


Paul Murphy wrote:
> Have you checked your rekey duration on both sides? It looks like one peer
> has a considerably shorter rekey value.
>
> Thanks,
>
> Paul Murphy

------------------------------


End of firewall-wizards Digest, Vol 14, Issue 2
***********************************************
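
Added example (not part of the digest or of any poster's message): a Python sketch that reads ASA syslog lines like those quoted in the thread, extracts each `113019` session duration, and checks whether the peer-side drops are periodic and whether their period matches the rekey lifetime reported in `713073`. The function names, the 60-second spread threshold and the 10% match window are assumptions chosen for illustration.

```python
import re
from statistics import mean, pstdev

# Sample input: lines unwrapped from the log excerpts quoted in the thread
# (addresses are the poster's own placeholders).
SAMPLE_LOG = """\
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s, Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s, Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s, Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
2007-06-01T17:40:20+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:00s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested
2007-06-01T18:03:38+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:22m:58s, Bytes xmt: 0, Bytes rcv: 2460, Reason: User Requested
2007-06-01T18:27:23+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:23s, Bytes xmt: 0, Bytes rcv: 2580, Reason: User Requested
"""

# Patterns follow the message text exactly as it appears in the thread.
DISCONNECT = re.compile(
    r"^(?P<ts>\S+) .*%ASA-\d-113019: .*Session Type: (?P<type>\w+), "
    r"Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+)$"
)
REKEY = re.compile(r"%ASA-\d-713073: .*rekeying duration from (\d+) to (\d+) seconds")


def parse_disconnects(log_text):
    """Return one dict per 113019 'Session disconnected' line, in log order."""
    sessions = []
    for line in log_text.splitlines():
        m = DISCONNECT.search(line.strip())
        if m:
            secs = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
            sessions.append({
                "ts": m["ts"], "duration_s": secs, "reason": m["reason"].strip(),
                "xmt": int(m["xmt"]), "rcv": int(m["rcv"]),
            })
    return sessions


def negotiated_lifetime(log_text):
    """Smallest lifetime (seconds) the responder forced via 713073, or None."""
    values = [int(m.group(2)) for m in REKEY.finditer(log_text)]
    return min(values) if values else None


def analyze(log_text, max_spread_s=60, min_samples=3):
    """Summarise non-administrative disconnects and compare them to the rekey lifetime."""
    # Administrator resets are operator actions, so they are left out of the pattern.
    drops = [s for s in parse_disconnects(log_text) if s["reason"] != "Administrator Reset"]
    durations = [s["duration_s"] for s in drops]
    lifetime = negotiated_lifetime(log_text)
    avg = mean(durations) if durations else None
    periodic = len(durations) >= min_samples and pstdev(durations) <= max_spread_s
    # Assumption: a drop caused by lifetime expiry would land within 10% of the lifetime.
    matches = bool(periodic and lifetime and abs(avg - lifetime) <= 0.1 * lifetime)
    return {
        "durations_s": durations,
        "mean_s": avg,
        "periodic": periodic,
        "negotiated_lifetime_s": lifetime,
        "matches_rekey_lifetime": matches,
        "zero_xmt_sessions": sum(1 for s in drops if s["xmt"] == 0),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

On the sample, the drops cluster around 1398 seconds while the forced rekey lifetime is 3600 seconds, so the period is not the IPSec lifetime logged by the ASA.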