simpsons245
IS-IT--Management
- Jan 12, 2007
- 25
I have 8 static VPN tunnels linking remote sites and a central location using Linksys AG041 VPN routers and Netgear DG834 routers at the remote sites and a Sonicwall PRO 1260 at the central location. The sites all connect fine and traffic flows as expected, but in the Sonicwall log I receive numerous (50+) logs when the Linksys boxes renegotiate the tunnels. Example:
01/12/2007 11:17:10.432 - Info - VPN IKE - Received IPSec SA delete request - AAA.AAA.AAA.AAA, 500 - BBB.BBB.BBB.BBB, 500 - VPN Policy: <VPNPolicyName>, SPI:a6ec8ed
01/12/2007 11:17:10.432 - Info - VPN IKE - Received IPSec SA delete request - AAA.AAA.AAA.AAA, 500 - BBB.BBB.BBB.BBB, 500 - VPN Policy: <VPNPolicyName>, SPI:71afa68
AAA.AAA.AAA.AAA is the remote site and BBB.BBB.BBB.BBB is the central site.
This is just two entries but there are usually 50 or more each time a tunnel is renegotiated every 8 hours. The Netgear boxes simply renegotiate as normal without the extra log files.
It looks like the delete requests are generated by the Linksys boxes very quickly (over the 50 logs the time hardly changes). The SPI changes with each log entry (sometimes there is no SPI) until the tunnel successfully renegotiates. There doesn't seem to be a performance impact, but the entries fill up the log on the Sonicwall 3 or 4 times per day, which is annoying. Neither Linksys nor Sonicwall support can help; they just say that because it is recorded as "Info" in the log it is not a problem, but something is not right.
The settings are the same on both the Netgear and Linksys boxes, 3DES/SHA1, No PFS, 28800 key lifetime settings for both Phase 1 and 2. Both use Main mode to connect.
Anyone any thoughts or similar experience?
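Added example, not part of the original post: a small Python parser for the log line format quoted above that groups "Received IPSec SA delete request" entries per remote peer and policy and reports bursts, so the renegotiation floods can be counted and compared between sites. The sample lines, addresses, policy names, the 2-second gap and the minimum count of 3 are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Matches the delete-request line format quoted in the post; the SPI is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - \w+ - VPN IKE - "
    r"Received IPSec SA delete request - (?P<src>[^,]+), \d+ - [^,]+, \d+ - "
    r"VPN Policy: (?P<policy>.*?)(?:, SPI:(?P<spi>[0-9a-fA-F]+))?$"
)

def find_bursts(lines, max_gap=timedelta(seconds=2), min_count=3):
    """Return runs of delete requests from one peer/policy spaced <= max_gap apart."""
    events = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a delete-request entry
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
        events.setdefault((m["src"], m["policy"]), []).append((ts, m["spi"]))
    bursts = []
    for (src, policy), evs in events.items():
        evs.sort(key=lambda e: e[0])
        run = [evs[0]]
        for ev in evs[1:] + [None]:  # None flushes the final run
            if ev is not None and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_count:
                bursts.append({
                    "peer": src, "policy": policy, "start": run[0][0],
                    "count": len(run),
                    "distinct_spis": len({s for _, s in run if s}),
                    "no_spi": sum(1 for _, s in run if s is None),
                })
            run = [ev]
    return bursts

# Constructed sample lines (placeholder addresses and policy names).
_T = ("01/12/2007 {} - Info - VPN IKE - Received IPSec SA delete request - "
      "{}, 500 - 198.51.100.1, 500 - VPN Policy: {}{}")
SAMPLE = [
    _T.format("11:17:10.432", "192.0.2.10", "SiteA", ", SPI:a6ec8ed"),
    _T.format("11:17:10.432", "192.0.2.10", "SiteA", ", SPI:71afa68"),
    _T.format("11:17:10.448", "192.0.2.10", "SiteA", ""),  # entry with no SPI
    _T.format("11:17:10.461", "192.0.2.10", "SiteA", ", SPI:1b2c3d4"),
    _T.format("11:20:02.100", "192.0.2.20", "SiteB", ", SPI:0f0e0d0c"),
    _T.format("19:17:11.005", "192.0.2.10", "SiteA", ", SPI:5e6f7a8"),
]

if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(b)
```

Run against an exported log, the per-peer counts show which remote routers produce the floods and how many entries arrive without an SPI.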