1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WRVS4400N VPN dropped packets

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by tsarles, Apr 7, 2010.

  1. tsarles

    tsarles Guest

    I'm trying to run a backup over VPN with a pair of WRVS4400N's. This however is failing repeatedly. Since this exact same operation works fine on the exact sam e hardware on the LAN, it leaves me only to blame the VPN. If I had to guess, I would bet that our backup software is not very tolorant of dropped packets. I believe the VPN uses UDP, is there any way to get TCP as an option to try to correct this?

    Or, if you believe my line of thinking is off base, I'm completely open to other suggestions.

    Here is the log. Failure with backup said to have occured at 6:22
    Code:
    All Log 
    Type:   ALL System Log ACL Log Firewall Log VPN Log    
    Apr 6 03:31:30 - [VPN Log]: "MinManPress" #66: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Apr 6 03:31:30 - [VPN Log]: "MinManPress" #66: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Apr 6 03:31:30 - [VPN Log]: "MinManPress" #66: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Apr 6 03:31:30 - [VPN Log]: "MinManPress" #66: STATE_QUICK_R2: IPsec SA established {ESP=>0xa0d706b9 <0xbf5b07ee xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 04:18:42 - [VPN Log]: "MinManPress" #67: responding to Quick Mode {msgid:d4cb1f7f}
    Apr 6 04:18:43 - [VPN Log]: "MinManPress" #67: WARNING: calc_dh_shared(): for OAKLEY_GROUP_MODP768 took 247508 usec
    Apr 6 04:18:43 - [VPN Log]: "MinManPress" #67: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Apr 6 04:18:43 - [VPN Log]: "MinManPress" #67: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Apr 6 04:18:44 - [VPN Log]: "MinManPress" #67: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Apr 6 04:18:44 - [VPN Log]: "MinManPress" #67: STATE_QUICK_R2: IPsec SA established {ESP=>0xa0d706ba <0xbf5b07ef xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 04:31:31 - [VPN Log]: "MinManPress" #64: received Delete SA(0xa0d706ba) payload: deleting IPSEC State #67
    Apr 6 04:31:31 - [VPN Log]: "MinManPress" #64: terminating SAs using this connection
    Apr 6 04:31:31 - [VPN Log]: "MinManPress" #67: deleting state (STATE_QUICK_R2)
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #64: deleting state (STATE_MAIN_I4)
    Apr 6 04:31:32 - [VPN Log]: packet from 96.236.129.48:500: received and ignored informational message
    Apr 6 04:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 04:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 04:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 04:31:32 - [VPN Log]: initiate on demand from 192.168.2.101:0 to 192.168.1.100:0 proto=0 state: fos_start because: acquire
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: initiating Main Mode
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: received Vendor ID payload [Openswan (this version) cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: received Vendor ID payload [Dead Peer Detection]
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: received Vendor ID payload [RFC 3947] method set to=109
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: enabling possible NAT-traversal with method 3
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: STATE_MAIN_I2: sent MI2, expecting MR2
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: I did not send a certificate because I do not have one.
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: NAT-Traversal: Result using 3: no NAT detected
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: STATE_MAIN_I3: sent MI3, expecting MR3
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: Main mode peer ID is ID_IPV4_ADDR: '96.236.129.48'
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #68: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #69: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK {using isakmp#68}
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #70: responding to Quick Mode {msgid:398b62b8}
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #70: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #70: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #69: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #69: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xa0d706bc <0xbf5b07f0 xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #70: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Apr 6 04:31:32 - [VPN Log]: "MinManPress" #70: STATE_QUICK_R2: IPsec SA established {ESP=>0xa0d706bb <0xbf5b07f1 xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 05:27:02 - [VPN Log]: "MinManPress" #71: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #70 {using isakmp#68}
    Apr 6 05:27:02 - [VPN Log]: "MinManPress" #71: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
    Apr 6 05:27:02 - [VPN Log]: "MinManPress" #71: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xa0d706bd <0xbf5b07f2 xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 05:31:32 - [VPN Log]: "MinManPress" #68: received Delete SA(0xa0d706bd) payload: deleting IPSEC State #71
    Apr 6 05:31:32 - [VPN Log]: "MinManPress" #68: terminating SAs using this connection
    Apr 6 05:31:32 - [VPN Log]: "MinManPress" #71: deleting state (STATE_QUICK_I2)
    Apr 6 05:31:32 - [VPN Log]: "MinManPress" #68: deleting state (STATE_MAIN_I4)
    Apr 6 05:31:32 - [VPN Log]: packet from 96.236.129.48:500: received and ignored informational message
    Apr 6 05:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 05:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 05:31:32 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [Openswan (this version) cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [Dead Peer Detection]
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [RFC 3947] method set to=109
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
    Apr 6 06:20:30 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: responding to Main Mode
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: STATE_MAIN_R1: sent MR1, expecting MI2
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: NAT-Traversal: Result using 3: no NAT detected
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: STATE_MAIN_R2: sent MR2, expecting MI3
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: Main mode peer ID is ID_IPV4_ADDR: '96.236.129.48'
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: I did not send a certificate because I do not have one.
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    Apr 6 06:20:30 - [VPN Log]: "MinManPress" #72: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
    Apr 6 06:20:31 - [VPN Log]: "MinManPress" #73: responding to Quick Mode {msgid:049553c4}
    Apr 6 06:20:31 - [VPN Log]: "MinManPress" #73: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Apr 6 06:20:31 - [VPN Log]: "MinManPress" #73: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Apr 6 06:20:31 - [VPN Log]: "MinManPress" #73: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Apr 6 06:20:31 - [VPN Log]: "MinManPress" #73: STATE_QUICK_R2: IPsec SA established {ESP=>0xb44e18e0 <0xbf5b07f3 xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}
    Apr 6 06:29:35 - [VPN Log]: "MinManPress" #72: received Delete SA(0xb44e18e0) payload: deleting IPSEC State #73
    Apr 6 06:29:35 - [VPN Log]: "MinManPress" #72: terminating SAs using this connection
    Apr 6 06:29:35 - [VPN Log]: "MinManPress" #73: deleting state (STATE_QUICK_R2)
    Apr 6 06:29:35 - [VPN Log]: "MinManPress" #72: deleting state (STATE_MAIN_R3)
    Apr 6 06:29:35 - [VPN Log]: packet from 96.236.129.48:500: received and ignored informational message
    Apr 6 06:29:35 - [VPN Log]: packet from 96.236.129.48:500: Informational Exchange is for an unknown (expired?) SA
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [Openswan (this version) cvs2006Jan12_11:29:56 X.509-1.5.4 PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR]
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [Dead Peer Detection]
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [RFC 3947] method set to=109
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
    Apr 6 06:29:40 - [VPN Log]: packet from 96.236.129.48:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: responding to Main Mode
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: STATE_MAIN_R1: sent MR1, expecting MI2
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: NAT-Traversal: Result using 3: no NAT detected
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: STATE_MAIN_R2: sent MR2, expecting MI3
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: Main mode peer ID is ID_IPV4_ADDR: '96.236.129.48'
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: I did not send a certificate because I do not have one.
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #74: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp768}
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #75: responding to Quick Mode {msgid:82c83776}
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #75: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
    Apr 6 06:29:40 - [VPN Log]: "MinManPress" #75: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
    Apr 6 06:29:41 - [VPN Log]: "MinManPress" #75: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
    Apr 6 06:29:41 - [VPN Log]: "MinManPress" #75: STATE_QUICK_R2: IPsec SA established {ESP=>0x9ac6d49c <0xbf5b07f4 xfrm=3DES_0-HMAC_SHA1 NATD=96.236.129.48:500 DPD=none}  
    
     

Share This Page