jxdomb, Aspirant
Jul 24, 2016
IPSec VPN Deletes After One Hour
I can successfully open a tunnel between the Netgear VPN client and FVS318N VPN router. However, after an hour, the VPN log on the router reports ISAKMP-SA expired and the tunnel goes down. I've included the VPN log below. Any ideas? Thanks.
Sat Jul 23 16:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: 192.168.20.1 IP address has been released by remote peer.
Sat Jul 23 16:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: ISAKMP-SA deleted for XX.XX.47.230[4500]-174.198.11.127[24446] with spi:fab577d7526c8214:21a73b5694da14a0
Sat Jul 23 16:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: Sending Informational Exchange: delete payload[]
Sat Jul 23 16:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: ISAKMP-SA expired XX.XX.47.230[4500]-174.198.11.127[24446] spi:fab577d7526c8214:21a73b5694da14a0
Sat Jul 23 16:33:39 2016 (GMT -0500): [FVS318N] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 174.198.11.127->XX.XX.47.230 with spi=228570525(0xd9fb59d)
Sat Jul 23 16:33:39 2016 (GMT -0500): [FVS318N] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel XX.XX.47.230->174.198.11.127 with spi=785394355(0x2ed02ab3)
Sat Jul 23 15:46:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: Sending Informational Exchange: notify payload[10637]
..........
Sat Jul 23 15:46:07 2016 (GMT -0500): [FVS318N] [IKE] INFO: Sending Informational Exchange: notify payload[10637]
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: IPsec-SA established[UDP encap 4500->24446]: ESP/Tunnel XX.XX.47.230->174.198.11.127 with spi=785394355(0x2ed02ab3)
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: IPsec-SA established[UDP encap 24446->4500]: ESP/Tunnel 174.198.11.127->XX.XX.47.230 with spi=228570525(0xd9fb59d)
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: Adjusting peer's encmode 3(3)->Tunnel(1)
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: No policy found, generating the policy : 192.168.20.1/32[0] 192.168.1.2/24[0] proto=any dir=in
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: Using IPsec SA configuration: 192.168.1.0/24<->192.168.20.0/24
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: FOUND
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: Responding to new phase 2 negotiation: XX.XX.47.230[0]<=>174.198.11.127[0]
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: Sending Informational Exchange: notify payload[608]
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: ISAKMP-SA established for XX.XX.47.230[4500]-174.198.11.127[24446] with spi:fab577d7526c8214:21a73b5694da14a0
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: 192.168.20.1 IP address is assigned to remote peer 174.198.11.127[24446]
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: NAT detected: Local is behind a NAT device. and alsoPeer is behind a NAT device
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: NAT-D payload does not match for 174.198.11.127[24446]
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: NAT-D payload does not match for XX.XX.47.230[4500]
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: For 174.198.11.127[24440], Selected NAT-T version: RFC 3947
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: Floating ports for NAT-T with peer 174.198.11.127[24446]
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received Vendor ID: DPD
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received Vendor ID: RFC 3947
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received unknown Vendor ID
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received Vendor ID: draft-ietf-ipsec-nat-t-ike-02
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received unknown Vendor ID
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Beginning Aggressive mode.
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Received request for new phase 1 negotiation: XX.XX.47.230[500]<=>174.198.11.127[24440]
Sat Jul 23 15:45:36 2016 (GMT -0500): [FVS318N] [IKE] INFO: Remote configuration for identifier "client.com" found
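Added example, not part of the original post or NETGEAR's tooling: a Python script that pairs the "established" and "expired" entries of the log above by SPI and measures how long each SA actually lived, so the result can be compared with the SA Lifetime values configured on the router and the client. The function names are this example's own; the log lines are copied from the post.

```python
import re
from datetime import datetime

# Six lines copied from the log in the post (newest first, as the router prints them).
LOG = """\
Sat Jul 23 16:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: ISAKMP-SA expired XX.XX.47.230[4500]-174.198.11.127[24446] spi:fab577d7526c8214:21a73b5694da14a0
Sat Jul 23 16:33:39 2016 (GMT -0500): [FVS318N] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel 174.198.11.127->XX.XX.47.230 with spi=228570525(0xd9fb59d)
Sat Jul 23 16:33:39 2016 (GMT -0500): [FVS318N] [IKE] INFO: [IPSEC_VPN] IPsec-SA expired: ESP/Tunnel XX.XX.47.230->174.198.11.127 with spi=785394355(0x2ed02ab3)
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: IPsec-SA established[UDP encap 4500->24446]: ESP/Tunnel XX.XX.47.230->174.198.11.127 with spi=785394355(0x2ed02ab3)
Sat Jul 23 15:45:38 2016 (GMT -0500): [FVS318N] [IKE] INFO: IPsec-SA established[UDP encap 24446->4500]: ESP/Tunnel 174.198.11.127->XX.XX.47.230 with spi=228570525(0xd9fb59d)
Sat Jul 23 15:45:37 2016 (GMT -0500): [FVS318N] [IKE] INFO: ISAKMP-SA established for XX.XX.47.230[4500]-174.198.11.127[24446] with spi:fab577d7526c8214:21a73b5694da14a0
"""

# Timestamp, SA type (phase 1 = ISAKMP-SA, phase 2 = IPsec-SA), event and SPI.
LINE = re.compile(
    r"^\w{3} (?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) \(GMT [+-]\d{4}\): .*?"
    r"(?P<kind>ISAKMP-SA|IPsec-SA) (?P<event>established|expired)"
    r".*?spi[:=](?P<spi>\S+)")

def parse(log_text):
    """Yield (kind, spi, event, timestamp) for every SA established/expired line."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            # Every entry carries the same GMT offset, so naive timestamps compare correctly.
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S %Y")
            yield m["kind"], m["spi"], m["event"], ts

def sa_lifetimes(log_text):
    """Return {(kind, spi): seconds between 'established' and 'expired'}."""
    seen = {}
    for kind, spi, event, ts in parse(log_text):
        seen.setdefault((kind, spi), {})[event] = ts
    return {key: int((ev["expired"] - ev["established"]).total_seconds())
            for key, ev in seen.items() if ev.keys() >= {"established", "expired"}}

def rekeyed(log_text, kind):
    """True if SAs of this kind were established at more than one point in time."""
    times = {ts for k, _, ev, ts in parse(log_text) if k == kind and ev == "established"}
    return len(times) > 1

if __name__ == "__main__":
    for (kind, spi), seconds in sa_lifetimes(LOG).items():
        print(f"{kind:10} {spi:36} lived {seconds} s")
    print("phase 1 renegotiated:", rekeyed(LOG, "ISAKMP-SA"))
```

On the posted lines this reports 3600 s for the ISAKMP-SA and 2881 s for each IPsec-SA, with no second negotiation of either kind logged before expiry.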
6 Replies
- DaneA, NETGEAR Employee Retired
Hi jxdomb,
It seems that I don't see any similarity on the VPN logs you've posted from the article below. However, you may double-check it for yourself.
Understanding the VPN logs – ProSafe VPN Client
Kindly answer the questions below:
a. Was it working fine before?
b. What is the current version of the NETGEAR VPN Client software you are using?
c. What is the current firmware version of the FVS318N?
Kindly check the SA Lifetime values as well. Let me share these old forum links that might help:
Regards,
DaneA
NETGEAR Community Team
- jxdomb, Aspirant
Thank you for the response. I double-checked the article and agree that I don't see similarities with my situation. I also checked the SA lifetimes as described in the threads and they are in bounds. I am using the latest firmware and client versions:
a. Was it working fine before? This is a new installation.
b. What is the current version of the NETGEAR VPN Client software you are using? 6.30.001
c. What is the current firmware version of the FVS318N? 4.3.3-8
Thank you!
- DaneA, NETGEAR Employee Retired
Hi jxdomb,
What is the Operating System of the PC where the NETGEAR VPN Client software is installed?
Is there a software firewall or anti-virus running on the PC where the NETGEAR VPN Client software is installed? If yes, try to disable or uninstall it for the meantime then check if that helps.
Also, you may try to install the NETGEAR VPN Client software on other PCs/laptops to isolate the problem.
Regards,
DaneA
NETGEAR Community Team