NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
VPN between 2 netgear routers keeps dropping
I am trying to set up a stable VPN tunnel between an FVS318G on one site, and an SRX5308 at another site. Both are connected to Xfinity modems, and both have stable internet connections, the SRX has ...
It gets weirder:
While I was writing the post above, the problem fixed itself !! I am posting below the log from the SRX. As you can see after a lengthy negotiation, the SRX ended up again with tunnels between the WAN addresses of the boxes, and lo and bhold, I can access data again. So, why would the SRX switch from the WAN address to the LAN address? I don't know too little about the intricacies of the VPN negotiations to follow the log from where it lost the WAN address to where it corrected itself, but someone must have seen this before. What is the problem here?
I have to split the log into 2 posts, as there is a limit on length.
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: an undead schedule has been deleted: 'pk_recvupdate'.
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: Sending Informational Exchange: delete payload[]
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel ** ext IP SRX **->** ext IP FVS318 ** with spi=4365434(0x429c7a)
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel ** ext IP FVS318 **->** ext IP SRX ** with spi=131648604(0x7d8cc5c)
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:25:42 2017 (GMT -0600): [SRX5308] [IKE] INFO: Responding to new phase 2 negotiation: ** ext IP SRX **[0]<=>** ext IP FVS318 **[0]
Sat Oct 07 13:25:41 2017 (GMT -0600): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel ** ext IP SRX **->** ext IP FVS318 ** with spi=153273464(0x922c478)
Sat Oct 07 13:25:41 2017 (GMT -0600): [SRX5308] [IKE] INFO: [IPSEC_VPN] IPsec-SA established: ESP/Tunnel ** ext IP FVS318 **->** ext IP SRX ** with spi=116393517(0x6f0062d)
Sat Oct 07 13:25:40 2017 (GMT -0600): [SRX5308] [IKE] INFO: Initiating new phase 2 negotiation: ** ext IP SRX **[0]<=>** ext IP FVS318 **[0]
Sat Oct 07 13:25:40 2017 (GMT -0600): [SRX5308] [IKE] INFO: Sending Informational Exchange: notify payload[INITIAL-CONTACT]
Sat Oct 07 13:25:40 2017 (GMT -0600): [SRX5308] [IKE] INFO: ISAKMP-SA established for ** ext IP SRX **[500]-** ext IP FVS318 **[500] with spi:070ddfe8d3a00374:177ee617632b23e6
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: NAT not detected
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: NAT-D payload matches for ** ext IP FVS318 **[500]
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: NAT-D payload matches for ** ext IP SRX **[500]
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: Received Vendor ID: KAME/racoon
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: For ** ext IP FVS318 **[500], Selected NAT-T version: RFC XXXX
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: Received Vendor ID: KAME/racoon
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: Received Vendor ID: DPD
Sat Oct 07 13:25:39 2017 (GMT -0600): [SRX5308] [IKE] INFO: Received Vendor ID: RFC XXXX
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: Initiating new phase 1 negotiation: ** ext IP SRX **[500]<=>** ext IP FVS318 **[500]
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:25:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:23:53 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 1 negotiation failed due to time up for ** ext IP FVS318 **[500]. 6445c7b073ed5d55:0000000000000000
Sat Oct 07 13:23:50 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:23:18 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:23:18 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:23:18 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:22:34 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: Initiating new phase 1 negotiation: ** ext IP SRX **[500]<=>** ext IP FVS318 **[500]
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:22:03 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:21:22 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 1 negotiation failed due to time up for ** ext IP FVS318 **[500]. ae10131a098e29dd:0000000000000000
Sat Oct 07 13:21:16 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:20:45 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:20:45 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:20:45 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:20:05 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: Initiating new phase 1 negotiation: ** ext IP SRX **[500]<=>** ext IP FVS318 **[500]
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:19:32 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:18:52 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 1 negotiation failed due to time up for ** ext IP FVS318 **[500]. 12973c2b18d0bc41:0000000000000000
Sat Oct 07 13:18:48 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:18:17 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:18:17 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:18:17 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:17:33 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 9
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 8
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:190]: XXX: setting vendorid: 4
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: [isakmp_ident.c:186]: XXX: NUMNATTVENDORIDS: 3
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: Beginning Identity Protection mode.
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: Initiating new phase 1 negotiation: ** ext IP SRX **[500]<=>** ext IP FVS318 **[500]
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:17:02 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:16:46 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:16:21 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 1 negotiation failed due to time up for ** ext IP FVS318 **[500]. 6603935be3437384:0000000000000000
Sat Oct 07 13:16:14 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:16:14 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:16:14 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Sat Oct 07 13:16:09 2017 (GMT -0600): [SRX5308] [IKE] ERROR: Phase 2 negotiation failed due to time up waiting for phase1. ESP ** ext IP FVS318 **->** ext IP SRX **
Sat Oct 07 13:15:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:15:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: remote configuration for identifier "** myDomainName **" found
Sat Oct 07 13:15:38 2017 (GMT -0600): [SRX5308] [IKE] INFO: Using IPsec SA configuration: xxx.xxx.3.0/24<->xxx.xxx.0.1/24
Continued in next post.
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
