[gelöst] VPN bricht immer nach ca. 40 Sekunden ab / 3850

Forum zum Thema allgemeinen Fragen zu VPN

Moderator: Lancom-Systems Moderatoren

Antworten
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

[gelöst] VPN bricht immer nach ca. 40 Sekunden ab / 3850

Beitrag von xenomorph »

Hallo!

Also nun habe ich endlich den 3850 und leider ersteinmal Probleme mit dem VPN via UMTS....

Momentan habe ich einen 1821 in Verbindung mit einem 3550 (UMTS) stabil am laufen...

So heute sollte der 3850 dazukommen.

Der Tunnel wird auch aufgebaut aber so immer nach ca. 40 Sekunden unterbrochen.

(Line Polling)

hier der Tarce....

habt Ihr eine Idee... Es muss irgendwie am 3850 liegen... da der 3550 mit den gleichen VPN Einstellungen läuft und keine Probleme macht...

und ja ping blockieren ist in allen router nicht aktiv.... :)


root@3580_05:/
>
[VPN-Status] 2008/02/08 17:50:19,100
VPN: poll timeout for 1821_01 (87.xxx.xx.xx)
remote site answered during intervall
send poll frame to 87.xxx.xx.xx

[VPN-Status] 2008/02/08 17:50:19,240
VPN: Poll reply from 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:23,990
IKE info: Delete Notification received for Phase-2 SA ipsec-0-1821_01
peer 1821_01 spi [0x41e97e63]


[VPN-Status] 2008/02/08 17:50:23,990
IKE info: Phase-2 SA removed: peer 1821_01 rule ipsec-0-1821_01-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [41e97e63 ] [0203f721 ]


[VPN-Status] 2008/02/08 17:50:24,000
IKE info: Delete Notification received for Phase-1 SA isakmp-peer-1821_01 peer 1
821_01 cookies [48c7a84a69943aff 5bbc97c14d959b4d]


[VPN-Status] 2008/02/08 17:50:24,000
IKE info: Phase-1 SA removed: peer 1821_01 rule 1821_01 removed


[VPN-Status] 2008/02/08 17:50:24,000
VPN: 1821_01 (87.xxx.xx.xx) disconnected

[VPN-Status] 2008/02/08 17:50:24,000
VPN: Disconnect info: remote-disconnected (0x4301) for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:24,020
VPN: selecting first remote gateway using strategy eFirst for 1821_01
=> CurrIdx=0, IpStr=>87.xxx.xx.xx<, IpAddr=87.xxx.xx.xx, IpTtl=0s

[VPN-Status] 2008/02/08 17:50:24,020
VPN: installing ruleset for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:24,030
VPN: rulesets insta

[VPN-Status] 2008/02/08 17:50:25,020
VPN: connecting to 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:25,040
VPN: start dynamic VPN negotiation for 1821_01 (87.xxx.xx.xx) via ICMP/UDP

[VPN-Status] 2008/02/08 17:50:25,040
VPN: create dynamic VPN V2 authentication packet for 1821_01 (87.xxx.xx.xx)
DNS: 192.168.5.254, 0.0.0.0
NBNS: 192.168.5.254, 0.0.0.0
polling address: 192.168.5.254

[VPN-Status] 2008/02/08 17:50:25,040
VPN: installing ruleset for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02
VPN: ruleset installed for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:25,060
VPN: start IKE negotiation for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:50:25,070
VPN: rulesets installed

[VPN-Status] 2008/02/08 17:50:25,070
IKE info: Phase-1 negotiation started for peer 1821_01 rule isakmp-peer-1821_01
using AGGRESSIVE mode


[VPN-Status] 2008/02/08 17:50:25,520
IKE info: The remote server 87.xxx.xx.xx:500 peer 1821_01 id <no_id> is Enigmate
c IPSEC version 1.5.1
IKE info: The remote server 87.xxx.xx.xx:500 peer 1821_01 id <no_id> negotiated
rfc-3706-dead-peer-detection
IKE info: The remote server 87.xxx.xx.xx:500 peer 1821_01 id <no_id> supports NA
T-T in mode draft
IKE info: The remote server 87.xxx.xx.xx:500 peer 1821_01 id <no_id> supports NA
T-T in mode draft
IKE info: The remote server 87.xxx.xx.xx:500 peer 1821_01 id <no_id> supports NA
T-T in mode rfc


[VPN-Status] 2008/02/08 17:50:25,520
IKE info: Phase-1 remote proposal 1 for peer 1821_01 matched with local pro
1


[VPN-Status] 2008/02/08 17:50:25,670
IKE info: Phase-1 [inititiator] for peer 1821_01 between initiator id 3850_05@la
ncom.de, responder id 1821_01@lancom.de done
IKE info: SA ISAKMP for peer 1821_01 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/08 17:50:25,810
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE for peer 1821_01 S
eq-Nr 0x7b972a4e, expected 0x7b972a4e


[VPN-Status] 2008/02/08 17:50:25,810
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE_ACK sent for Phase-1 SA to peer 1821_01, s
equence nr 0x7b972a4e


[VPN-Status] 2008/02/08 17:50:26,070
IKE info: Phase-2 [inititiator] done with 2 SAS for peer 1821_01 rule ipsec-0-18
21_01-pr0-l0-r0
IKE info: rule:' ipsec 192.168.5.0/255.255.255.0 <-> 192.168.1.0/255.255.255.0 '

IKE info: SA ESP [0x2a77d362] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x6327a42b] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1600 sec/160000 kb) ha
IKE info: tunnel between src: 90.187.162.127 dst: 87.xxx.xx.xx


[VPN-Status] 2008/02/08 17:50:27,220
VPN: 1821_01 (87.xxx.xx.xx) connected, set poll timer to 30 sec

[VPN-Status] 2008/02/08 17:50:32,220
VPN: poll timeout for 1821_01 (87.xxx.xx.xx)
send poll frame to 87.xxx.xx.xx

[VPN-Status] 2008/02/08 17:50:32,360
VPN: Poll reply from 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:51:02,220
VPN: poll timeout for 1821_01 (87.xxx.xx.xx)
remote site answered during intervall
send poll frame to 87.xxx.xx.xx

[VPN-Status] 2008/02/08 17:51:02,370
VPN: Poll reply from 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:51:07,110
IKE info: Delete Notification received for Phase-2 SA ipsec-0-1821_01-pr0-l0-r0
peer 1821_01 spi [0x2a77d362]


[VPN-Status] 2008/02/08 17:51:07,110
IKE info: Phase-2 SA removed: peer 1821_01 rule ipsec-0-1821_01-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [2a77d362 ] [6327a42b ]


[VPN-Status] 2008/02/08 17:51:07,120
IKE info: Delete Notification received for Phase-1 SA
821_01 cookies [15e822334f55c9b7 2632e62285c78324]


[VPN-Status] 2008/02/08 17:51:07,120
IKE info: Phase-1 SA removed: peer 1821_01 rule 1821_01 removed


[VPN-Status] 2008/02/08 17:51:07,120
VPN: 1821_01 (87.xxx.xx.xx) disconnected

[VPN-Status] 2008/02/08 17:51:07,120
VPN: Disconnect info: remote-disconnected (0x4301) for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:51:07,140
VPN: selecting first remote gateway using strategy eFirst for 1821_01
=> CurrIdx=0, IpStr=>87.xxx.xx.xx<, IpAddr=87.xxx.xx.xx,

[VPN-Status] 2008/02/08 17:51:07,140
VPN: installing ruleset for 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:51:07,150
VPN: rulesets installed

[VPN-Status] 2008/02/08 17:51:08,140
VPN: connecting to 1821_01 (87.xxx.xx.xx)

[VPN-Status] 2008/02/08 17:51:08,160
VPN: start dynamic VPN negotiation for 1821_01 (87.xxx.xx.xx) via ICMP/UDP

[VPN-Status] 2008/02/08 17:51:08,160
VPN: create dynamic VPN V2 authentication packet for 1821_01 (87.xxx.xx.xx)
DNS: 192.168.5.254, 0.0.0.0
NBNS: 192.168.5.254, 0.0
polling address: 192.168.5.254

[VPN-Status] 2008/02/08 17:51:08,160
VPN: installing ruleset for 1821_01 (87.xxx.xx.xx)

Gruß Xeno
Nach oben
TheCloud
Beiträge: 215
Registriert: 22 Nov 2007, 14:41

Beitrag von TheCloud »

Hallo xenomorph,
[VPN-Status] 2008/02/08 17:50:32,220
VPN: poll timeout for 1821_01 (87.xxx.xx.xx)
send poll frame to 87.xxx.xx.xx
Dieses Polling macht m.E. keinen wirklichen Sinn im Bezug auf die Tunnelüberwachung, da ja eine öffentliche IP gepollt wird und somit nicht der VPN-Tunnel überwacht wird.

Hast Du die IP in der Polling-Tabelle hinterlegt?
[VPN-Status] 2008/02/08 17:50:23,990
IKE info: Delete Notification received for Phase-2 SA ipsec-0-1821_01
peer 1821_01 spi [0x41e97e63]
Hieran sieht man, dass die Gegenseite den VPN-Tunnel abbaut. Was sagt den der Trace auf dem 1821? Versucht dieser ggf. eine IP zu pollen, die nicht erreichbar ist?

Gruß

TC
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Hi...

Ja im Polling im 3850 ist die richtige IP eingetragen...

Sorry der Trace sieht ein wenig zepflückt aus... wohl zu viel Daten für das Telnet.. :( aber ich musste mich via VPN einwählen, weil ich nicht mehr in der Fa. bin....

Bitte vom 3550_04 nicht irritieren lassen... der ist offline... :)

Hier der Trace von 1821:


[VPN-Status] 2008/02/08 21:05:32,7
setting poll time to 1 sec.
VPN: connecting
(5 retries left).0)1:04:34,050
send poll frame to 90.186.92.162blish dynamic VPN negotiator

[VPN-Status] 2008/02/08 21:05:33,8
(4 retries left)850_05
send poll frame to 90.186.92.162(0.0.0.0)


[VPN-Status] 2008/02/08 21:06:52,260PN negotiator channel

[VPN-Stat
VPN: connecting to 3550_04 (0.0.0.0)Status] 2008/02/08 21:05:33,800 inst
VPN: establish dynamic VPN negotiator channelC-I-No-channel-available (0x1102) for 3550_04

[VPN-Status] 2008/02/08 21:06:52,260
VPN: 3850
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)atus] 200
VPN: connecting to 3550_04 (0.0.0.0)
VPN

[VPN-Status] 2008/02/08 21:06:53,000PN negotiator channel008/02/08 21:04
VPN: poll timeout for 3850_05 (90.186.92.162)008/02/08 21:05:35,460ver 90.186.92.162:500 p
remote site did not answer duri
VPN: establish dynamic VPN negotiator channelrver 90.186.9
send poll frame to 90.186.92.16

[VPN-Status] 2008/02/08 21:06:53,300N-Status] 2008/02/08 21:05:38,140
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)E info: The remote server 90.186.92.
VPN: establish dynamic VPN negot

[VPN-Status] 2008/02/08 21:06:54,000

[VPN-Status] 2
VPN: poll timeout for 3850_05 (90.186.92.162)
VPN: Error: IFC-I-No-channel-ava
remote site did not answer during intervald> nego
(2 retries left)

[VPN-Statu
send poll frame to 90.186.92.162-peer-detection
VP

[VPN-Status] 2008/02/08 21:06:55,000/02/08 21:04:36,150
VPN
VPN: poll timeout for 3850_
VPN: establish dynamic VPN negotiator channeldynamic VPN negotiator channel3850_05@lanc

[VPN-Status] 2008/02/08 21:06:55,020tatus] 2008/02/08 21:05:43,680
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)(0x1102) for 3550_04 (0.0.0.0)A ISAKMP for peer 3850_05 encryption ae

[VPN-Status] 2008/02/08 21:06:56,000tatus] 2008/02/08 21:05:43,800
VPN: poll timeout for 3850_05 (90.186.92.162) to 3550_04 (0.0.0.0)
remote site did not answer during intervalotiator channel
no retries left, disconnect channel8/02/08 21:05:43,8001 SA to peer 38

[VPN-Status] 2008/02/08 21:06:56,0
VPN: conn
VPN: disconnecting 3850_05 (90.186.92.162)
1


[VPN-St
VPN: establish dynami

[VPN-Status] 2008/02/08 21:06:56,010
IKE info: NOTIFY received

[VP
VPN: Error: (unknown) (0x0301) for 3850_05 (90.186.92.162)
VPN: Error: IFC-I-No-channel-available (0x1102)

[VPN-Status] 2008/02/08 21:06:56,020pected 0x42bb7836
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850_05-pr0-l0-r0 to pe
VPN: connecting to 3550_04 (0.0.0.0)done with 2 SAS for peer 3850_05
er 3850_05, spi [0x5572fb16]N negotiator channel


[VPN-Status] 2008/02/08 21:06:56,020[VPN-Status] 2008/02/08 21:05:45,280
IKE info: Phase-2 SA removed: peer 3850_05 rule ipsec-2-3850_05-pr0-l0-r0 remov102) for 3550_04 (



[VPN-Status] 2008/02/08 21:06:56,060
VPN: establish dy
VPN: selecting first remote gateway using strategy eFirst for 3850_05

[VPN-Status] 2008/02/08 21:05:46,540

[VPN-Status] 2008/02
=> no remote gateway selectedel-available (0x1102) for 3550_04

[VPN-Status] 2008/02/08 21:06:56,070 to 30 sec
VPN: installing ruleset for 3850_05 (0.0.0.0)tatus] 2008/02/08 21:04:38,



[VPN-Status] 2008/02/08 21:06:56,970ator channel
IKE log: 210656 Default dropped message from 90.186.92.162 port 500 due to notif


[VPN-Status] 2008/02/08 21:05:49,030le (0x1102) for 3550_04 (0.0.
ication type INVALID_COOKIEIFY_DPD_R_U_THERE_ACK sent


[VPN-Status] 2008/02/08 21:06:56,9702/08 21:04:39,230
IKE info: dropped message from peer unknown 90.186.92.162 port 500 due


[VPN-Status] 2008/02/08 21:0c VP

[VPN-Status] 2008/02/08 21:07:00,520
VPN:
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R

[VPN-Status] 2008/02/08 21:07:01,740-No-channel-available (0x1102) for 3
VPN: connecting to 3550_04 (0.0.0.0)r 0x7e674627, expected 0x7e674627
VPN: establish dynamic VPN negotiator channeltus] 2008/02/08 21:05:50,000
VPN:

[VPN-Status] 2008/02/08 21:07:01,740OTIFY_DPD_R_U_THERE_ACK sent for Pha
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)

[VPN-Status] 2008
sequence nr 0x7e674627

[VPN-Status] 2008/02/08 21:07:02,1 21:0

[VPN-Status] 2008/02/08 21:07:02,100le (0x1102) for 3550_04 (0.0.0.0)c V
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE_ACK sent for Phase-1 SA to peer NB_6_OET, 2008/02/08 21:05:55,840
VPN
VPN: connecting to
sequence nr 0x7e67462bx1102) for 3550_04 (0.


[VPN-Status] 2008/02/08 21:07:03,530gotiator channelvpn-status
VPN: connecting to 3550_04 (0.0.0.0)s] 2008/02/08 21:05:55,840
VPN: establish dynamic VPN negotiator channelo-channel-available (0x1102) for 3550_04 (0.0

[VPN-Status] 2008/02/08 21:07:03,530sing strategy eFirst for 3550_03-sta
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0) =>
VPN: connecting to 3550_04 (0.0.0.0)t OFF

[VP

[VPN-Status] 2008/02/08 21:0c VP

root@1821
[VPN-Status] 2008/02/08 21:07:08,410tus] 2
=> no remote gateway sel
IKE info: The remote server 90.186.92.162:500 peer def-aggr-peer id <no_id> is Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)teway using strat
nigmatec IPSEC version 1.5.1
send poll frame

[VP
IKE info: The remote server 90.186.92.162:500 peer def-aggr-peer id <no_id> suppOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE for peer NB_6_OET0.186.110.22
orts NAT-T in mode draftN: selecting first remot
IKE info: The remote server 90.186.92.162:500 peer def-aggr-peer id <no_iPN: poll timeout for


[VPN-Status] 2008/02/08 te ga
tiated rfc-3706-dead-peer-detectionatus] 2008/02/08 21:06:04,280e to 9


[VPN-Status] 2008/02/08 21:07:08,410or: IFC-I-No-channel-available (0x11
IKE info: Phase-1 remote proposal 1 for peer def-aggr-peer matched with local pr.
VPN: instal

[VPN-Status] 2008/02/08 21:06:05,500
remote site di

[VPN-Statu
oposal 1PN: conn


[VPN-Status] 2008/02/08 21:07:08,890
(2
VPN: rulesets ins
VPN: establ
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@lanc[VPN-Status] 2008/02/08 21:06:05,5004 (0.0.0.0)


om.de, responder id 1821
[VP

[VPN-Status] 2008/02/08 21:06:07,060
IKE info: tunnel between src: 87.xxx.xx.xx dst: 90.186.92.162ble (0x1102) for 3550_04 (0.0.0.0) 21:03:50,210

[VPN-Stat


[VPN-Status] 2008/02/08 21:07:09,170t f

[VPN-Status] 2008/02/08 21:06:0
VPN: wait for IKE negotiation from 3850_05 (90.186.92.162) for 3850_05 (90.186.92.162)N negotiator channel

[VPN-Status] 2008/02/08 21:07:09,560swer during interval08 21:04:48,840
VPN: connecting to 3550_04 (0.0.0.0)ll time to 1 sec.No-channel-availabl
VPN: establish dynamic VPN negotiator channel poll frame to 90.186.92.162.162)

[VPN-Status] 2008/02/08 21:07:09,56008 21:06:08,120

[VPN-Statu
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550162)D
VPN: disconnecting 3850_0

[VPN-Status] 2008/

[VPN-Status] 2008/02/08 21:07:10,580


[VPN-Stat
VPN: Error: IFC-I-N
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)ed: peer 3

[VPN-Status] 2008/02/08 21:04:49,820r

[VPN-Status] 2008/

[VPN-Status] 2008/02/08 21:07:11,500hannel-available
VPN: poll timeout f
VPN: connecting to 3550_04 (0.0.0.0)ith spis [3ba36506 ] [36dc2161 ]
r
VPN: establish dynamic VPN negotiator channel


[VPN
I
(3 retr

[VPN-Status] 2008/02/08 21:07:11,500ame to 90.186.92.162eer info: Delet

[VPN-Status] 2008/02/08 21:07:14,360gr-peer id
VPN: connecting
remote
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)c VPN n
(1 retries left)
send poll frame to 90.186.92

[VPN-Status] 2008/02/08 21:07:15,040[VPN-Status] 2008/02/08 21:06:12,120
VPN: connecting to 3550_04 (0.0.0.0)VPN: poll timeout for 3850_05 (90.18
VPN: establish dynamic VPN negotiator channelnfo: The
remote site did not answer during in

[VPN-Status] 2008/02/08 21:07:15,040
no retries left, disconne
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0) 21:06:12,130tor channele remote server 90.186.92
VPN: Error: IFC-X-L

[VPN-Status] 2008/02/08 21:07:15,1805 (90.186.92.1
VPN: poll timeout for 38
[VPN-Status] 2008/02/08 21:07:15,4800,120-1 [respo
IKE info: Delete Noti
VPN: Poll reply from 3550_03 (90.186.110.227)0-l0-r0 to pe550_04 (0.0.0.0)

[VPN-Status] 2008/02/08 21:07:16,940er id 1821
er 3850_05, spi [0x1460f8
VPN: connecting to 3550_04 (0.0.0.0)N-Status] 2008/02/08 21:06:12,140to
VPN: establish dynamic VPN negotiator channelase-2 SA removed: peer 3850_05 rule ipsec-2-3

[VPN-Status] 2008/02/08 21:07:16,940e ( 108000 sec/

[VPN-Status] 2008/0
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)SP, with spis [3e5697bc ] [1460f8b 3550_04 (


[VPN-Status] 2008/02/08 21:06:

[VPN-Status] 2008/02/08 21:07:22,4800inf
IKE info: Phase-1 SA removed: p
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0))


[VPN-Status] 2008/02/08 21:06:12,180Statu

[VPN-Status] 2008/02/08 21:07:23,580electing first remote gateway using
VPN: connecting to 3550_04 (0.0.0.0)SAKMP_NOTIFY_DPD_R_U_THERE for peer
VPN: establish dynamic VPN negotiator channelway selected
05 Seq-Nr
Seq

[VPN-Status] 2008/02/08 21:07:23,5800


[V

VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)IKE
IKE info: ISAKMP_

[VPN-Status] 2008/02/08 21:06:12,190e-1 SA to

[VPN-Status] 2008/02/08 21:07:25,20005 (0.0.0.0) disconnected
VPN: connecting to 3550_0

[VPN-Status] 2008/02/08 21:07:32,32008/02/08 21:06:14,260ilable (0x1102)
VPN: connecting to 3550_04 (0.0.0.0)-1 remote proposal 1 for peer def-ag
VPN: establish dynamic VPN negotiator channel (0.0.0.0)

[VPN-Status] 2008/02/08 21:07:32,320[VPN-Status] 2008/02/08 21:06:14,720
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0) peer 3850_05 between initiator id 3850_05@lancnnel-available (0x1102

[VPN-Status] 2008/02/08 21:07:33,520 IFC-I-No-channel-av
om.de, responde
VPN: connecting to 3550_04 (0.0.0.0)/02/08 21:05:11,860
IKE
VPN: establish dynamic VPN negotiator channeles-cbc authentication md5

[VPN-Status] 2008/02/08 21:07:33,520r channeloll tim
IKE info: life time
[VPN-Status] 2008/02/08 21:07:34,000gotiator channel

VPN: connecting to 3550_04 (0.0.0.0)1f48008/02/08 21:03:5


[VPN-Status]
VPN: establish dynamic VPN negotiator channelo-channel-avai
IKE info: Phase-2 remote propo

[VPN-Status] 2008/02/08 21:07:34,000cal proposal
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)tatus] 2008/02/08 21:06:14,970send poll frame to 90.186.92.162
IK

[VPN-Status] 2008/02/08 21:07:34,540_NOTIFY_DPD_R_U_THERE_ACK for peer 3
VPN: connecting to 3550_04 (0.0.0.0)ting to 3550_04 (0.0.0.0)0
VPN: establish dynamic VPN negotiator channel98e1f48negotiator channel02) for 3550_04 (0.0

[VPN-Status] 2008/02/08 21:07:34,540,98008/02/08 21:05:13,620
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (50 (0x1102) fVPN: connecting to 3550_
VPN: poll timeout for 3850_0

[VPN-Status] 2008/02/08 21:07:36,680 chann
IKE info: life soft( 1800 sec
VPN: connecting to 3550_04 (0.0.0.0)02/08 21:03:56,600
VPN: establish dynamic VPN negotiator channell between src: 87.xxx.xx.xx dst: 90.186.92.16

[VPN-Status] 2008/02/08 21:07:36,680:15,340


[VPN-Stat
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)ait for IKE negotiation from 3850_05 (90.186.92.162)during intervall

[VPN-Status] 2008/02/08 21:07:38,960end

[VPN-Status] 2008/02/08 21:06:1
VPN: connecting to 3550_00



VPN: establish dynamic VPN negotiator channel162) connected, set poll timer to 30 sec 21:0

[VPN-Status] 2008/02/08 21:07:44,540
VPN: connectin

[VPN-Status]
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)cting to 3550_04 (0.0.0.0)hannel-available (0x1102) for 3550_0
VPN: e

[VPN-Status] 2008/02/08 21:07:45,180l
VPN:
VPN: poll timeout for 3850_05 (90.186.92.162)203550_04 (0.0.0.0)
VPN: conne
VPN: E
remote site did not answer during intervalor 3550Status] 2008/02/08 21:05:mic VP
send poll frame to 192.168.3.254
remote site

[VPN-St

[VPN-Status] 2008/02/08 21:07:45,480

VPN: con
VPN: Poll reply from 3550_03 (90.186.110.227)50_04 (0.0.0.0)

[
VPN: establish dynamic VPN

[VPN-Status] 2008/02/08 21:07:45,540

[VP
VPN: Error: IFC-X-L

[VPN-Sta
VPN: connecting to 3550_04 (0.0.0.0).92.162)connecting to 3550_
VPN: Err
VPN: establish dynamic VPN negotiator channel50_04 (0.0.0.0)2008/02/08 21:05:17,950l

[VPN-Status] 2008/02/08 21:07:45,540c

[VPN-Status] 2008/02/08 21:06:21,
VPN: Error: IFC-I-No-channel-available (0x11poll timeout for 388

[VPN-Status] 2008/02/08 21:07:48,180d
VPN: establish d

[VPN-S
VPN: poll timeout for 3850_05 (90.186.92.162)08/02/08 21:05:18,00
VPN: Error: IFC-I-No-cha
remote site did not answer during interval0)way using strategy eFirst for 3850_05ila
(2 retries left)3550_04 (0.0

[V
send poll frame to 90.186.92.1620 => no remote gateway selec

[VPN-Status] 2008/02/08 21:07:49,1800.0)N-Status] 2008/02/08 21:05:18,00
VPN: poll timeout for 3850_05 (90.186.92.162)nneling ruleset for 3850_05 (0.0.0.0) establi
remote site did not answer during interval-Status] 2008/02/08 21:05:18,010
VPN: E
(1 retries left)annel-available
send poll frame to 90.186.92.162
VPN: Error: IFC-I-No-channel-


[VPN-Status] 2008/02/08 21:07:49,180PN-Status] 2008/02/08 21:06:28,720

IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE for peer NB_6_OE8,920
VPN: establish dynamic VP
ication type I
VPN: connecting to 3550_04 (0.0.0.0)08/02/08 21:06:28,76008/02/08 21:05:
VPN: establish dynamic VPN negotiator channelnnel-available (0x1102) for 3550_04 (0.0.0.0)

[VPN-Status] 2008/02/08 21:07:49,900I-No-channel-available (0x1102)

[VP
VPN: Error: IFC-I-No-channel-available (0x1102) for 3550_04 (0.0.0.0)VPN: connecting to 3550_04 (0.0.0.0) 2008/02/08 21:05:20,860

[VPN-Status] 2008/02/08 21:07:50,180tor channel50_04 (0.0.0.0)
VPN: poll timeout for 3850_05 (90.186.92.162)21:06:30,300tiator channel
remote site did not answer
VPN: es

[VPN-Status] 2008/02/08 21:07:50,190
VPN: est
VPN: disconnecting 3850_05 (90.186.92.162),460

V

[VPN-Status] 2008/02/08 21:07:50,190(0x1102) for 3550_04 (0.0.0.0)
VP
VPN: Error: (unknown) (0x0301) for 3850_05 (90.186.92.162)0.0.

[VPN-Status] 2008/02/08 21:06:33,020

[VPN-Status] 2008/02/08 21:07:50,200o 3550_04 (0.0.0.0)
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850_05-pr0-l0-r0 to pe
VPN: establish dy

[VPN-Status] 2008/02/08 21:06:33,020
er 3850_05, spi [0x40036297]Error: IFC-I-No-channel-avai


[VPN-Status] 2008/02/08 21:07:50,200


[VPN-Status] 2008/02/08 21:07:50,2100)

[VPN
IKE info: Phase-1 SA removed: peer 3850_05 rule 3850_05 removed
VPN: connecting to 3550_

[VPN-Status] 2008/02/08 21:06:39


[VPN-Status] 2008/02/08 21:06:41,280e (0x1102) for 35
Seq-Nr 0x7e67462d, expected 0x7e67 to 3550_

[VPN-Status] 2008/

[VPN-Status] 2008/02/08 21:07:50,260PN: establish dy
VPN: Error: IFC-I-N
VPN: rulesets installed

[VPN-Status] 2008/02/08 21:07:51,170
IKE log: 210751 Default message_recv: invalid cookie(s) 23569f06a20b11f3 8ab75a4
bd46ee472


[VPN-Status] 2008/02/08 21:07:51,170
IKE log: 210751 Default dropped message from 90.186.92.162 port 500 due to notif
ication type INVALID_COOKIE


[VPN-Status] 2008/02/08 21:07:51,180
IKE info: dropped message from peer unknown 90.186.92.162 port 500 due to notifi
cation type INVALID_COOKIE
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Habe es auch mal ohne polling mit dem "Establish-SAs-Collectively" Reiter probiert...
Egal welche Einstellung immer das gleiche Problem....
Hat denn hier jemand einen 3850 stabil via UMTS / VPN an laufen ???
Gruß Xeno
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Hallo...

So habe ich mal nur ein Trace auf dem 1821 gemacht und den Filter für den 3850 gesetzt...

Also irgendwie schickt der 1821 ja den Poll zum 3850, der antwortet jedoch nicht... und deshalb wird der VPN nach 5 Versuchen vom 1821 terminiert.

Was ich nicht verstehe... warum er den 3850 nicht erreicht.... also ich habe schon die Firewall usw. deaktiviert, aber es haut trotzdem nicht hin.... :?:

VPN-Status OFF
VPN-Packet OFF
VPN-Status ON @ 1821_01 3850_05

root@1821_01:/
>
[VPN-Status] 2008/02/09 11:01:58,160
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@lanc
om.de, responder id 1821_01@lancom.de done
IKE info: SA ISAKMP for peer 3850_05 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/09 11:01:58,250
IKE info: Phase-2 remote proposal 1 for peer 3850_05 matched with local proposal
1


[VPN-Status] 2008/02/09 11:01:58,420
IKE info: Phase-2 [responder] done with 2 SAS for peer 3850_05 rule ipsec-2-3850
_05-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.5.0/255.255.255.0 '

IKE info: SA ESP [0x1ef8db86] alg AES keylength 128 +hmac HMAC_M
IKE info: SA ESP [0x3cb742d1] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1800 sec/180000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 87.xxx.xxx.xx dst: 90.187.104.138


[VPN-Status] 2008/02/09 11:01:58,430
VPN: wait for IKE negotiation from 3850_05 (90.187.104.138)


A new configuration is being uploaded ...
[VPN-Status] 2008/02/09 11:01:59,440
VPN: 3850_05 (90.187.104.138) connected, set poll timer to 30 sec


Configuration has been uploaded successfully
[VPN-Status] 2008/02
VPN: selecting first remote gateway using strategy eFirst for 3850_05
=> no remote gateway selected

[VPN-Status] 2008/02/09 11:02:04,440
VPN: poll timeout for 3850_05 (90.187.104.138)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:34,440
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
setting poll time to 1 sec.
(5 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:35,440
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(4 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:36,440
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(3 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:37,440
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(2 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:38,440
VPN: poll timeout for 3850_05 (
remote site did not answer during interval
(1 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:02:39,440
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
no retries left, disconnect channel

[VPN-Status] 2008/02/09 11:02:39,450
VPN: Error: IFC-X-Line-polling-failed (0x1307) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:02:39,450
VPN: disconnecting 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:02:39,450
VPN: Error: (unknown) (0x0301) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:02:39,460
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850_05-pr0-l0-r0 to pe
er 3850_05, spi [0x3cb742d1]


[VPN-Status] 2008/02/09 11:02:39,460
IKE info: Phase-2 SA removed: peer 3850_05 rule ipsec-2-3850_05-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [1ef8db86 ] [3cb742d1 ]


[VPN-Status] 2008/02/09 11:02:39,460
IKE info: Delete Notificaton sent for Phase-1 SA to peer 3850_05


[VPN-Status] 2008/02/09 11:02:39,460
IKE info: Phase-1 SA removed: peer 3850_05 rule 3850_05 removed


[VPN-Status] 2008/02/09 11:02:39,500
VPN: selecting first remote gateway using strategy eFirst for 3850_05
=> no remote gateway selected

[VPN-Status] 2008/02/09 11:02:39,500
VPN: installing ruleset for 3850_05 (0.0.0.0)

[VPN-Status] 2008/02/09 11:02:39,510
VPN: 3850_05 (0.0.0.0) disconnected

[VPN-Status] 2008/02/09 11:02:42,030
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@lan
om.de, responder id 1821_01@lancom.de done
IKE info: SA ISAKMP for peer 3850_05 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/09 11:02:42,040
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer 3850_05, seque
nce nr 0x3ee1f92c


[VPN-Status] 2008/02/09 11:02:42,110
IKE info: Phase-2 remote proposal 1 for peer 3850_05 matched with local proposal
1


[VPN-Status] 2008/02/09 11:02:42,280
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_
05 Seq-Nr 0x3ee1f92c, expected 0x3ee1f92c


[VPN-Status] 2008/02/09 11:02:42,290
IKE info: Phase-2 [responder] done with 2 SAS for peer 3850_05 rule ipsec-2-3850
_05-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.5.0/255.255.255.0 '

IKE info: SA ESP [0x3857768c] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x240cb60f] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1800 sec/180000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 87.139.13


[VPN-Status] 2008/02/09 11:02:42,290
VPN: wait for IKE negotiation from 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:02:43,310
VPN: 3850_05 (90.187.104.138) connected, set poll timer to 30 sec

[VPN-Status] 2008/02/09 11:02:48,310
VPN: poll timeout for 3850_05 (90.187.104.138)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:03:18,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
setting poll time to 1 sec.
(5 retries left)
send poll frame to 90.187.

[VPN-Status] 2008/02/09 11:03:19,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(4 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:03:20,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(3 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:03:21,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(2 retries left)
send poll frame to

[VPN-Status] 2008/02/09 11:03:22,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(1 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:03:23,310
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
no retries left, disconnect channel

[VPN-Status] 2008/02/09 11:03:23,320
VPN: Error: IFC-X-Line-polling-failed (0x1307) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:03:23,320
VPN: disconnecting 3850_0

[VPN-Status] 2008/02/09 11:03:23,320
VPN: Error: (unknown) (0x0301) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:03:23,330
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850_05-pr0-l0-r0 to pe
er 3850_05, spi [0x240cb60f]


[VPN-Status] 2008/02/09 11:03:23,330
IKE info: Phase-2 SA removed: peer 3850_05 rule ipsec-2-3850_05-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [3857768c ] [240cb60f ]


[VPN-Status] 2008/02/09 11:03:23,330
IKE info: Delete Notificaton sent fo


[VPN-Status] 2008/02/09 11:03:23,330
IKE info: Phase-1 SA removed: peer 3850_05 rule 3850_05 removed


[VPN-Status] 2008/02/09 11:03:23,370
VPN: selecting first remote gateway using strategy eFirst for 3850_05
=> no remote gateway selected

[VPN-Status] 2008/02/09 11:03:23,370
VPN: installing ruleset for 3850_05 (0.0.0.0)

[VPN-Status] 2008/02/09 11:03:23,380
VPN: 3850_05 (0.0.0.0) disconnected

[VPN-Status] 2008/02/09 11:03:25,870
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@la
om.de, responder id 1821_01@lancom.de done
IKE info: SA ISAKMP for peer 3850_05 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/09 11:03:25,950
IKE info: Phase-2 remote proposal 1 for peer 3850_05 matched with local proposal
1


[VPN-Status] 2008/02/09 11:03:26,130
IKE info: Phase-2 [responder] done with 2 SAS for peer 3850_05 rule ipsec-2-3850
_05-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.5.0/255.255.255.0 '

IKE info: SA ESP [0x5bc28195] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x468ffc33] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1800 sec/180000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 87.xxx.xxx.xx dst: 90.187.104.138


[VPN-Status] 2008/02/09 11:03:26,130
VPN: wait for IKE negotiation from 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:03:27,140
VPN: 3850_05 (90.187.104.138) connected, set poll timer to 30 sec

[VPN-Status] 2008/02/09 11:03:
VPN: poll timeout for 3850_05 (90.187.104.138)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:02,140
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
setting poll time to 1 sec.
(5 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:03,140
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(4 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:04,140
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(3 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:05,140
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(2 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:06,140
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(1 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
no retries left, disconnect channel

[VPN-Status] 2008/02/09 11:04:07,150
VPN: Error: IFC-X-Line-polling-failed (0x1307) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:07,150
VPN: disconnecting 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:07,150
VPN: Error: (unknown) (0x0301) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:07,160
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850
er 3850_05, spi [0x468ffc33]


[VPN-Status] 2008/02/09 11:04:07,160
IKE info: Phase-2 SA removed: peer 3850_05 rule ipsec-2-3850_05-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [5bc28195 ] [468ffc33 ]


[VPN-Status] 2008/02/09 11:04:07,160
IKE info: Delete Notificaton sent for Phase-1 SA to peer 3850_05


[VPN-Status] 2008/02/09 11:04:07,160
IKE info: Phase-1 SA removed: peer 3850_05 rule 3850_05 removed


[VPN-Status] 2008/02/09 11:04:07,200
VPN: selecting first remote gateway using strat
=> no remote gateway selected

[VPN-Status] 2008/02/09 11:04:07,200
VPN: installing ruleset for 3850_05 (0.0.0.0)

[VPN-Status] 2008/02/09 11:04:07,210
VPN: 3850_05 (0.0.0.0) disconnected

[VPN-Status] 2008/02/09 11:04:09,560
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@lanc
om.de, responder id 1821_01@lancom.de done
IKE info: SA ISAKMP for peer 3850_05 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/09 11:04:09,570
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer 3850_05, seque
nce nr 0x67757933


[VPN-Status] 2008/02/09 11:04:09,640
IKE info: Phase-2 remote proposal 1 for peer 3850_05 matched with local proposal
1


[VPN-Status] 2008/02/09 11:04:09,810
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer 3850_
05 Seq-Nr 0x67757933, expected 0x67757933


[VPN-Status] 2008/02/09 11:04:09,820
IKE info: Phase-2 [responder] done with 2 SAS for peer 3850_05 rule ipsec-2-3850
_05-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.5.0/255.255.255.0 '

IKE info: SA ESP [0x1dbee107] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x17c847c7] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1800 sec/180000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 87.xxx.xxx.xx dst: 90.187.104.138


[VPN-Status] 2008/02/09 11:04:09,830
VPN: wait for IKE negotiation from 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:10,840
VPN: 3850_05 (90.187.104.138) connected, set poll timer to 30 sec

[VPN-Status] 2008/02/09 11:04:15,840
VPN: poll timeout for 3850_05 (90.187.104.138)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:45,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
setting poll time to 1 sec.
(5 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:46,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(4 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:47,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(3 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:48,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
(2 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:49,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer
(1 retries left)
send poll frame to 90.187.104.138

[VPN-Status] 2008/02/09 11:04:50,840
VPN: poll timeout for 3850_05 (90.187.104.138)
remote site did not answer during interval
no retries left, disconnect channel

[VPN-Status] 2008/02/09 11:04:50,850
VPN: Error: IFC-X-Line-polling-failed (0x1307) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:50,850
VPN: disconnecting 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:50,850
VPN: Error: (unknown) (0x0301) for 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:50,860
IKE info: Delete Notificaton sent for Phase-2 SA ipsec-2-3850_05-pr0-l0-r0 to pe
er 3850_05, spi [0x17c847c7]


[VPN-Status] 2008/02/09 11:04:50,860
IKE info: Phase-2 SA removed: peer 3850_05 rule ipsec-2-3850_05-pr0-l0-r0 remove
d
IKE info: containing Protocol IPSEC_ESP, with spis [1dbee107 ] [17c847c7 ]


[VPN-Status] 2008/02/09 11:04:50,860
IKE info: Delete Notificaton sent for Phase-1 SA to peer 3850_05


[VPN-Status] 2008/02/09 11:04:50,860
IKE info: Phase-1 SA removed: peer 3850_05 rule 3850_05 removed


[VPN-Status] 2008/02/09 11:04:50,900
VPN: selecting first remote gateway using strategy eFirst for 3850_05
=> no remote gateway selected

[VPN-Status] 2008/02/09 11:04:50,900
VPN: installing ruleset for 3850_05 (0.0.0.0)

[VPN-Status] 2008/02/09 11:04:50,910
VPN: 3850_05 (0.0.0.0) disconnected

[VPN-Status] 2008/02/09 11:04:53,370
IKE info: Phase-1 [responder] for peer 3850_05 between initiator id 3850_05@lanc
om.de, responder id 1821_01@lancom.
IKE info: SA ISAKMP for peer 3850_05 encryption aes-cbc authentication md5
IKE info: life time ( 108000 sec/ 0 kb)


[VPN-Status] 2008/02/09 11:04:53,380
IKE info: ISAKMP_NOTIFY_DPD_R_U_THERE sent for Phase-1 SA to peer 3850_05, seque
nce nr 0x4ab69c0a


[VPN-Status] 2008/02/09 11:04:53,450
IKE info: Phase-2 remote proposal 1 for peer 3850_05 matched with local proposal
1


[VPN-Status] 2008/02/09 11:04:53,610
IKE info: NOTIFY received of type ISAKMP_NOTIFY_DPD_R_U_THERE_ACK for peer 3850_
05 Seq-Nr 0x4ab69c0a, expected 0x4ab69c0a


[VPN-Status] 2008/02/09 11:04:53,630
IKE info: Phase-2 [responder] done with 2 SAS for peer 3850_05 rule ipsec-2-3850
_05-pr0-l0-r0
IKE info: rule:' ipsec 192.168.1.0/255.255.255.0 <-> 192.168.5.0/255.255.255.0 '

IKE info: SA ESP [0x1e09dba9] alg AES keylength 128 +hmac HMAC_MD5 outgoing
IKE info: SA ESP [0x064d3606] alg AES keylength 128 +hmac HMAC_MD5 incoming
IKE info: life soft( 1800 sec/180000 kb) hard (2000 sec/200000 kb)
IKE info: tunnel between src: 87.xxx.xxx.xx dst: 90.187.104.138


[VPN-Status] 2008/02/09 11:04:53,630
VPN: wait for IKE negotiation from 3850_05 (90.187.104.138)

[VPN-Status] 2008/02/09 11:04:54,640
VPN: 3850_05 (90.187.104.138) connected, set poll timer to 30 sec
Nach oben
TheCloud
Beiträge: 215
Registriert: 22 Nov 2007, 14:41

Beitrag von TheCloud »

Hallo,
Was ich nicht verstehe... warum er den 3850 nicht erreicht
Versuche mal die Intranet-IP des 3850 durch den VPN-Tunnel zu pollen.
Bei den UMTS-Providern steht der Router normalerweise nicht direkt im Internet. Häufig ist dazwischen noch ein NAT aber zimendest steht noch ein Proxy-Server dazwischen. Daher kann es sein, dass selbst wenn das 3850 eine öffentliche IP zugewiesen bekommen hat, die Poll-Pakete vom Proxy nicht durchgeleitet werden.

Gruß

TC
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Also Nat-T ist bei beiden aktiviert.... deshalb müsste es ja auch gehen....
dafür ist es ja schließlich da... und bei dem 3550 funktioniert es ja auch ohne Probleme....

Abgesehen davon... steh da auf dem Schlauch :shock: ..... wie soll ich den den Router explizit sagen dass sie die Intranet-IP pollen sollen.

Hat denn hier einer schon den 3850 via Mobilfunk im VPN am laufen ???

Gruß Xeno
Nach oben
ittk
Beiträge: 1244
Registriert: 27 Apr 2006, 09:56

Beitrag von ittk »

Hi,

benutze dafuer einfach die Polling-Tabelle. Die Gegenstelle auswaehlen und dessen Intranet-IP Adresse als Pruefziel mit ICMP auf Erreichbarkeit pruefen.
12x 1621 Anx. B-21x 1711 VPN-3x 1722 Anx. B-7x 1723 VoIP-1x 1811 DSL, 1x 7011 VPN-1 x 7111 VPN-1x 8011 VPN-10er Pack Adv. VPN Client (2x V1.3-3x 2.0)-Hotspot Option-Adv. VoIP Client/P250 Handset-Adv.VoIP Option-4x VPN-Option-2x L-54 dual-2x L54ag-2x O-18a
Nach oben
TheCloud
Beiträge: 215
Registriert: 22 Nov 2007, 14:41

Beitrag von TheCloud »

Hallo xenomorph,

glaub mir, das funktioniert auch mit dem 3850 :wink:

Alternativ zum ICMP-Plolling kannst Du auch DPD benutzen.
Hierzu schaltest Du auf beiden Seiten das ICMP-Polling ab. Du findest die verschiedenen Polling-Einträge in der Polling-Tabelle und in der PPP-Liste (Parameter Zeit auf 0 stellen).
Achte bitte auch darauf, dass Du kein dyn.VPN machst (VPN-Verbindungsliste).
Hier findest Du auch den DPD-Schalter. Stelle auf beiden Seiten die Zeit auch 60 Sekunden.

Jetzt überprüfen die beiden LANCOMs den Tunnel nur dann, wenn für 60 Sekunden lang kein VPN-Traffic gelaufen ist. Diese Überprüfung findet in Phase-1 des Tunnel statt.

Gruß

TC
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Hi... :D
Ersteinmal vielen Dank für die vielen Antworten...
Leider bin ich noch nicht dazu gekommen sie umzusetzen.... es wird mir wohl erst wieder am WE möglich sein.... ich werde mich dann wieder melden....

So eine Sache ist mir jedoch suspekt... die 3550 habe ich damals mit LCOS 5.x mit dem Setupassistenten durchgeführt. Danach dann noch die entsprechenden Änderungen manuell durchgeführt...

Die gleiche Prozedur habe ich dann mit LCOS 7.x mit dem 3850 gemacht.. und ich bin mir ziemlich sicher dass ich identisch vorgegangen bin... nur das es beim 3850 nun Probleme gibt.

Was mir noch aus dem Gedächnis kommt... kann es sein, dass unter LCOS 5.x man im Setupassistenten das ICMP-Polling direkt aktivieren konnte und in der aktuellen nicht mehr... und es nun manuell durchführen muss :?:

Vielleicht liegt ja da mein Denkfehler....

Egal... ich werde es ja am WE sehen....

Bis denne

Gruß Xeno :D
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

Hi...

Also alles versucht und geändert... ICMP, DPD aber immer das gleiche ... nach 40 Sekunden wird der Tunnel terminiert....

Ich mache jetzt ersteinmal ein Hardreset.... und dann schau ich mal... :(

Gruß Xeno
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

:( also es gibt eigentlich nicht richtig neues....

also mit dem script aus dem 3550 läuft der 3850....

wenn ich ihn mittels Setupassistenten und den entsprechenden manuellen Einstellung konfiguriere läuft er auch, bis zu dem Zeitpunkt, an dem ich den Tunnel einmal unterbreche.

Dann das alte Spiel ... nach 40 Sekunden wird getrennt.... also ich muss noch mal in mich gehen.... vielleicht habe ich auch Scheuklappen an... und sehe den Fehler nicht....

Ich halte Euch auf dem Laufenden...

Gruß Xeno
Nach oben
xenomorph
Beiträge: 43
Registriert: 04 Mai 2006, 21:30

Beitrag von xenomorph »

:D Problem gelöst..... :)

Vielen Dank an den Lösungsgeber .... :)

Also kurzum...

Ich habe aus dem funktinierenden Router die Konfig mittels Script ausgelesen und auf den neuen angepasst unt übertragen....

Nun funktioniert es....

Ich weis zwar immer noch nicht, warum der Fehler aufgetreten ist, aber Hauptsache es geht jetzt.

So wenn mir jetzt noch einer sagen kann wie ich den Threat als "gelöst" abschliessen kann... wäre ich restlos glücklich... :)

Gruß xeno
Nach oben
backslash
Moderator
Moderator
Beiträge: 7129
Registriert: 08 Nov 2004, 21:26
Wohnort: Aachen

Beitrag von backslash »

Hi xenomorph
So wenn mir jetzt noch einer sagen kann wie ich den Threat als "gelöst" abschliessen kann... wäre ich restlos glücklich...
in dem du dein erstes Posting editierst und vor den Titel "[gelöst]" schreibst...

Gruß
Backslash
Nach oben
Benutzeravatar
LoUiS
Site Admin
Site Admin
Beiträge: 5052
Registriert: 07 Nov 2004, 18:29
Wohnort: Aix la Chapelle

Beitrag von LoUiS »

Hi,

ich war so frei. ;)


Ciao
LoUiS
Dr.House hat geschrieben:Dr. House: Du bist geheilt. Steh auf und wandle.
Patient: Sind Sie geisteskrank?
Dr. House: In der Bibel sagen die Leute schlicht "Ja, Herr" und verfallen dann ins Lobpreisen.
Nach oben
Antworten

Zurück zu „Fragen zum Thema VPN“