Search This Blog

Friday, June 01, 2007

firewall-wizards Digest, Vol 14, Issue 1

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Cisco VPN reconnection every 23 minutes (ditribar@gmx.de)
2. Re: Cisco VPN reconnection every 23 minutes (Paul Murphy)


----------------------------------------------------------------------

Message: 1
Date: Thu, 31 May 2007 19:12:01 +0200
From: ditribar@gmx.de
Subject: [fw-wiz] Cisco VPN reconnection every 23 minutes
To: firewall-wizards@honor.icsalabs.com
Message-ID: <20070531171201.197650@gmx.net>
Content-Type: text/plain; charset="us-ascii"

can anybody help me to solve the following problem?

A VPN Tunnel is established and working so far, but the connection gets reconnected about every 23 minutes.

Here are some logs whats happening on PEER1 (AAA.BBB.CCC.DDD) (CISCO ASA 5500):

Peer connect

2007-05-31T17:30:08+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x8d72d873, Outbound SPI = 0xee7d09b6
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=2a2a6615)

Peer disconnect again

2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s, Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
2007-05-31T17:53:58+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x695fe990, Outbound SPI = 0x792e9c57
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=b6a126bc)

Manual disconnect

2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s, Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Administrator Reset Remote Proxy REMOTE_LAN_IP, Local Proxy LOCAL_PROXY_IP
2007-05-31T18:00:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x6bccacec, Outbound SPI = 0x7a216c5f
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fe0bd283)

Peer disconnect again

2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019: Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s, Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
2007-05-31T18:25:52+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP = REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated memory for authorization-dn-attributes
2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec rekeying duration from 28800 to 3600 seconds
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0xba41c143, Outbound SPI = 0xb16e5642
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=c825a866)

..... disconnect occurs about every 23 minutes


Any ideas?

Kind regards

ditribar
--
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser


------------------------------

Message: 2
Date: Thu, 31 May 2007 13:25:52 -0500
From: Paul Murphy <Paul_Murphy@fd.org>
Subject: Re: [fw-wiz] Cisco VPN reconnection every 23 minutes
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<OF904FA57E.B8A09523-ON862572EC.00650228-862572EC.00653F1D@fd.org>
Content-Type: text/plain; charset=US-ASCII

Have you checked your rekey duration on both sides? It looks like one peer
has a considerably shorter rekey value.

Thanks,

Paul Murphy



ditribar@gmx.de
Sent by:
firewall-wizards- To
bounces@listserv. firewall-wizards@honor.icsalabs.com
icsalabs.com cc

Subject
05/31/2007 12:24 [fw-wiz] Cisco VPN reconnection
PM every 23 minutes


Please respond to
Firewall Wizards
Security Mailing
List
<firewall-wizards
@listserv.icsalab
s.com>


can anybody help me to solve the following problem?

A VPN Tunnel is established and working so far, but the connection gets
reconnected about every 23 minutes.

Here are some logs whats happening on PEER1 (AAA.BBB.CCC.DDD) (CISCO
ASA 5500):

Peer connect

2007-05-31T17:30:08+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
memory for authorization-dn-attributes
2007-05-31T17:30:10+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
rekeying duration from 28800 to 3600 seconds
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x8d72d873,
Outbound SPI = 0xee7d09b6
2007-05-31T17:30:11+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=2a2a6615)

Peer disconnect again

2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-05-31T17:53:46+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:36s,
Bytes xmt: 6572, Bytes rcv: 7772, Reason: User Requested
2007-05-31T17:53:58+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
memory for authorization-dn-attributes
2007-05-31T17:54:00+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
rekeying duration from 28800 to 3600 seconds
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x695fe990,
Outbound SPI = 0x792e9c57
2007-05-31T17:54:01+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=b6a126bc)

Manual disconnect

2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:06m:31s,
Bytes xmt: 0, Bytes rcv: 0, Reason: Administrator Reset
2007-05-31T18:00:32+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
REMOTE_PEER_IP. Reason: Administrator Reset Remote Proxy REMOTE_LAN_IP,
Local Proxy LOCAL_PROXY_IP
2007-05-31T18:00:39+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
memory for authorization-dn-attributes
2007-05-31T18:00:40+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
rekeying duration from 28800 to 3600 seconds
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0x6bccacec,
Outbound SPI = 0x7a216c5f
2007-05-31T18:00:41+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=fe0bd283)

Peer disconnect again

2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713050: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Connection terminated for peer
REMOTE_PEER_IP. Reason: Peer Terminate Remote Proxy N/A, Local Proxy N/A
2007-05-31T18:24:12+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-113019:
Group = REMOTE_PEER_IP, Username = REMOTE_PEER_IP, IP = REMOTE_PEER_IP,
Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:23m:32s,
Bytes xmt: 6104, Bytes rcv: 6616, Reason: User Requested
2007-05-31T18:25:52+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713041: IP =
REMOTE_PEER_IP, IKE Initiator: New Phase 1, Intf inside, IKE Peer
REMOTE_PEER_IP local Proxy Address LOCAL_PROXY_IP, remote Proxy Address
REMOTE_LAN_IP, Crypto map (outside_map)
2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD warning local4 %ASA-4-713903:
Group = REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Freeing previously allocated
memory for authorization-dn-attributes
2007-05-31T18:25:54+0100 AAA.BBB.CCC.DDD err local4 %ASA-3-713119: Group =
REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 1 COMPLETED
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713073: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Responder forcing change of IPSec
rekeying duration from 28800 to 3600 seconds
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713049: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, Security negotiation complete for
LAN-to-LAN Group (REMOTE_PEER_IP) Initiator, Inbound SPI = 0xba41c143,
Outbound SPI = 0xb16e5642
2007-05-31T18:25:55+0100 AAA.BBB.CCC.DDD notice local4 %ASA-5-713120: Group
= REMOTE_PEER_IP, IP = REMOTE_PEER_IP, PHASE 2 COMPLETED (msgid=c825a866)

..... disconnect occurs about every 23 minutes


Any ideas?

Kind regards

ditribar
--
Ist Ihr Browser Vista-kompatibel? Jetzt die neuesten
Browser-Versionen downloaden: http://www.gmx.net/de/go/browser
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest, Vol 14, Issue 1
***********************************************

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)