NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

JeremyDirective's avatar
JeremyDirective
Follower
Aug 02, 2017

IPsec VPN disconnects but still says it's online

I am having an issue with my IPsec VPN disconnecting (traffic no llonger travles across it, testing with pings) it lasts for anywhere vetween 30 minutes to a few hours and then disconnects, however if I go to the VPN> Connection status it says it is connected, "IPsec SA Established"

 

I had been doing some testing with setting up AD integration with users and trying to get the VPN lite client set up and then opening ports for windows VPN via IPsec to try and get a user set up with a software VPN connection to the server however I was carefull to not touch any of the site-to-site VPN settings and I went back through and removed all the settings I had changed, other than a new PPTP port forward to the server and now every once in a while it just drops, only way I have found to re-establish the connection is to reboot the Firewall, here is the last log I got from the last time it dropped:

 

Fri Dec 31 20:13:44 1999 (GMT -0500): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 50.75.132.222[500]<=>72.43.209.210[0]
Fri Dec 31 20:13:44 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:44 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:44 1999 (GMT -0500): [SRX5308] [IKE] INFO: accept a request to establish IKE-SA: 72.43.209.210
Fri Dec 31 20:13:26 1999 (GMT -0500): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 50.75.132.222[500]<=>72.43.209.210[0]
Fri Dec 31 20:13:26 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:26 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:26 1999 (GMT -0500): [SRX5308] [IKE] INFO: accept a request to establish IKE-SA: 72.43.209.210
Fri Dec 31 20:13:19 1999 (GMT -0500): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 50.75.132.222[0]<=>72.43.209.210[0]
Fri Dec 31 20:13:19 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:19 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 20:13:19 1999 (GMT -0500): [SRX5308] [IKE] INFO: Using IPsec SA configuration: 192.10.10.254/24<->192.168.16.0/24
Fri Dec 31 20:13:18 1999 (GMT -0500): [SRX5308] [IKE] INFO: Phase 2 sa deleted 50.75.132.222-72.43.209.210
Fri Dec 31 20:13:18 1999 (GMT -0500): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[]
Fri Dec 31 20:13:18 1999 (GMT -0500): [SRX5308] [IKE] INFO: Flushing SAs for peer "72.43.209.210" with spi 60109977
Fri Dec 31 19:53:03 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:53:02 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:53:01 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:51:56 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:51:55 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:51:54 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:49 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:48 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:47 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:15 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:14 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:50:13 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:49:46 1999 (GMT -0500): [SRX5308] [IKE] INFO: IPsec-SA established: ESP/Tunnel 50.75.132.222->72.43.209.210 with spi=60109977(0x3953499)
Fri Dec 31 19:49:46 1999 (GMT -0500): [SRX5308] [IKE] INFO: IPsec-SA established: ESP/Tunnel 72.43.209.210->50.75.132.222 with spi=253437564(0xf1b267c)
Fri Dec 31 19:49:45 1999 (GMT -0500): [SRX5308] [IKE] INFO: IPsec-SA expired: ESP/Tunnel 72.43.209.210->50.75.132.222 with spi=108596094(0x6790b7e)
Fri Dec 31 19:49:45 1999 (GMT -0500): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: 50.75.132.222[0]<=>72.43.209.210[0]
Fri Dec 31 19:49:45 1999 (GMT -0500): [SRX5308] [IKE] INFO: Configuration found for 72.43.209.210.
Fri Dec 31 19:49:45 1999 (GMT -0500): [SRX5308] [IKE] INFO: IPsec-SA expired: ESP/Tunnel 50.75.132.222->72.43.209.210 with spi=110442061(0x695364d)
Fri Dec 31 19:49:04 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:49:03 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.
Fri Dec 31 19:49:02 1999 (GMT -0500): [SRX5308] [IKE] ERROR: couldn't find configuration.

 

Troubleshooting

2 Replies

  • JohnC_V's avatar
    JohnC_V
    NETGEAR Employee Retired
    Aug 04, 2017

    Hi JeremyDirective,

     

    Welcome to the community!

     

    We can do basic troubleshooting on this issue. You may try to upgrade the firmware and the VPN client to latest version, then, please reset the firewall to factory default then try to reconfigure again the VPN. Let's see if that would fix the issue.

     

    Regards,

    • JohnC_V's avatar
      JohnC_V
      NETGEAR Employee Retired
      Aug 08, 2017

      JeremyDirective,

       

      I would like to have a follow up on this thread. Please let us know if everything works ok now or you still need further assistance.

       

      Regards,

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More