haben eine VPN Verbindung zwischen einem LANCOM 1711 und einer Zyxel USG300.
Die Verbindung steht und wir können darüber arbeiten. Nach paar Stunden (unregelmässig) kommt im syslog die fehlermeldung: IPSEC-I-NO-proposal-matched
Unsinnig meines erachtens, denn vorher ging es ja einwandfrei.
Hier mal ein Auszug aus dem Trace wenn ich dann versuch die Verbindung wieder neu aufzubauen:
Code: Alles auswählen
[VPN-Status] 2012/11/09 13:25:51,223 Devicetime: 2012/11/09 13:25:51,901
VPN: WAN state changed to WanDisconnect for ******* (GEGENSTELLEN_IP), called by: 00197b53
[VPN-Status] 2012/11/09 13:25:51,223 Devicetime: 2012/11/09 13:25:51,904
VPN: WAN state changed to WanIdle for ******* (GEGENSTELLEN_IP), called by: 00197b53
[VPN-Status] 2012/11/09 13:25:51,223 Devicetime: 2012/11/09 13:25:51,916
VPN: rulesets installed
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,902
VPN: WAN state changed to WanCall for ******* (GEGENSTELLEN_IP), called by: 00197b53
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,903
VPN: connecting to ******* (GEGENSTELLEN_IP)
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,903
vpn-maps[17], remote: *******, nego, static-name, connected-by-name
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,903
vpn-maps[17], remote: *******, nego, static-name, connected-by-name
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,919
vpn-maps[17], remote: *******, nego, static-name, connected-by-name
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,920
VPN: start IKE negotiation for ******* (GEGENSTELLEN_IP)
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,920
VPN: WAN state changed to WanProtocol for ******* (GEGENSTELLEN_IP), called by: 00197b53
[VPN-Status] 2012/11/09 13:25:52,270 Devicetime: 2012/11/09 13:25:52,923
IKE info: Phase-1 negotiation started for peer ******* rule isakmp-peer-******* using MAIN mode
[VPN-Status] 2012/11/09 13:25:52,286 Devicetime: 2012/11/09 13:25:52,970
IKE info: The remote peer ******* supports NAT-T in draft mode
IKE info: The remote peer ******* supports NAT-T in draft mode
IKE info: The remote peer ******* supports NAT-T in RFC mode
IKE info: The remote server GEGENSTELLEN_IP:500 (UDP) peer ******* id <no_id> negotiated rfc-3706-dead-peer-detection
[VPN-Status] 2012/11/09 13:25:52,286 Devicetime: 2012/11/09 13:25:52,971
IKE info: Phase-1 remote proposal 1 for peer ******* matched with local proposal 1
[VPN-Status] 2012/11/09 13:25:53,020 Devicetime: 2012/11/09 13:25:53,499
IKE info: unexpected cleartext message received from peer unknown and dropped in phase-2
[VPN-Status] 2012/11/09 13:25:53,020 Devicetime: 2012/11/09 13:25:53,500
IKE log: 132553.000000 Default dropped message from GEGENSTELLEN_IP port 500 due to notification type INVALID_FLAGS
[VPN-Status] 2012/11/09 13:25:53,020 Devicetime: 2012/11/09 13:25:53,500
IKE info: dropped message from peer unknown GEGENSTELLEN_IP port 500 due to notification type INVALID_FLAGS
[VPN-Status] 2012/11/09 13:26:03,223 Devicetime: 2012/11/09 13:26:03,706
IKE info: Delete Notificaton for for Phase-2 SA spi [0x1beff39a] could not be sent: no phase-1 sa exists to peer GEGENSTELLEN_IP
[VPN-Status] 2012/11/09 13:26:22,270 Devicetime: 2012/11/09 13:26:22,920
VPN: connection for ******* (GEGENSTELLEN_IP) timed out: no response
[VPN-Status] 2012/11/09 13:26:22,270 Devicetime: 2012/11/09 13:26:22,920
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for ******* (GEGENSTELLEN_IP)
[VPN-Status] 2012/11/09 13:26:22,270 Devicetime: 2012/11/09 13:26:22,921
VPN: disconnecting ******* (GEGENSTELLEN_IP)
[VPN-Status] 2012/11/09 13:26:22,270 Devicetime: 2012/11/09 13:26:22,921
VPN: Error: IFC-I-Connection-timeout-IKE-IPSEC (0x1106) for ******* (GEGENSTELLEN_IP)
[VPN-Status] 2012/11/09 13:26:22,270 Devicetime: 2012/11/09 13:26:22,939
VPN: ******* (GEGENSTELLEN_IP) disconnected