No traffic although Tunnel up – only tunnel reset helps



  • Hello forum,

    My Problem:
    I'm moving our 60 customer IPsec VPNs from Cisco ASA to pfSense.
    The first 40 tunnels which I configured on the pfSense worked well in terms of config and stable connection. Since I have more than those, from time to time some tunnels are unstable and I can't get traffic through although the tunnels are up. Only when I shut down the tunnel manually and initiate a new connection does it work fine again (for a while).

    2.3.2-RELEASE (amd64)
    FreeBSD 10.3-RELEASE-p5
    Nodes/Networks: 264

    I'll explain in more detail:

    • Some tunnels come up, but after some time I get a network error. Only resetting the tunnel helps to reconnect to the host. I also noticed that after 10 or 15 min I get a network error (tunnel still up) and after a while (10 or 15 min) the connection works without restarting the tunnel.

    • Some tunnels are already up from the day before but I don't get any connection – resetting the tunnel fixes the tunnel and the traffic temporarily (this can be an issue of not having "Disable rekey" enabled). I enabled this option on a few tunnels. It makes it better but not without problems (so for me not really satisfying).

    • Under Status/IPsec/Overview I see on established tunnels with traffic only p1 and not the option "show child SA entries" (see attachment gzo)

    • I have a tunnel which I can't connect. The tunnel is down but I see that something is trying to establish the tunnel.
      When I want to connect to the host, I can't connect and the tunnel remains down. (see attachment iic)

    If you need any config or further details, let me know and I'll provide them.

    Many thanks for the help.





  • I made another observation:

    The tunnel is down (as I see on the remote site) but on the pfSense under Status / IPsec / Overview I see the tunnel up but only outgoing traffic.
    The connection was OK for about 29h, then randomly I could not access the host anymore. Resetting the tunnel helped to bring it to work again.
    Does anybody have any suggestion where I can start searching for this issue?

    Many thanks for the help!



  • I assume you mean you want 60 IKE channels, what about IPSec (child SA) tunnels, I assume each endpoint may have more than one?

    What do the logs say when the channel is connected correctly?
    What do they say when the tunnel is down?
    Are both of your endpoints pfSense?
    When does the channel become unstable, after the 8 hour default re-authentication or just at any time?

    If it is only some IKE channels being affected and all are configured the same (at the pfSense end) then it might suggest the other endpoint might have some configuration issues (old ACLs etc. causing issues). In the past I have found it easier to completely rebuild some endpoints to make sure old configurations weren't causing an issue.



  • Many thanks for the reply, KDog!

    You assume right. I have 60 IKE and each of them has at least one IPsec (child SA).

    What do the logs say when the channel is connected correctly?

    I see this below when the tunnel is established. After this, I don't see any entries. Traffic is not logged. Do you need these logs? Then I can enable the traffic log and post them here.

    Nov 10 08:55:59	charon		12[IKE] <con30000|107578> nothing to initiate
    Nov 10 08:55:59	charon		12[IKE] <con30000|107578> activating new tasks
    Nov 10 08:55:59	charon		12[NET] <con30000|107578> sending packet: from x.x.x.x[500] to z.z.z.z[500] (60 bytes)
    Nov 10 08:55:59	charon		12[ENC] <con30000|107578> generating QUICK_MODE request 712735909 [ HASH ]
    Nov 10 08:55:59	charon		12[IKE] <con30000|107578> QUICK_MODE task
    Nov 10 08:55:59	charon		12[IKE] <con30000|107578> reinitiating already active tasks
    Nov 10 08:55:59	charon		12[IKE] <con30000|107578> CHILD_SA con30001{67915} established with SPIs c5fb3c1f_i dabee873_o and TS y.y.y.y/24|w.w.w.w/32 === 10.20.200.0/24|/0
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> SPI 0xdabee873, src x.x.x.x dst z.z.z.z
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> adding outbound ESP SA
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> SPI 0xc5fb3c1f, src z.z.z.z dst x.x.x.x
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> adding inbound ESP SA
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> using HMAC_SHA1_96 for integrity
    Nov 10 08:55:59	charon		12[CHD] <con30000|107578> using AES_CBC for encryption
    Nov 10 08:55:59	charon		12[CFG] <con30000|107578> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Nov 10 08:55:59	charon		12[CFG] <con30000|107578> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ, ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Nov 10 08:55:59	charon		12[CFG] <con30000|107578> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Nov 10 08:55:59	charon		12[CFG] <con30000|107578> proposal matches
    Nov 10 08:55:59	charon		12[CFG] <con30000|107578> selecting proposal:
    Nov 10 08:55:59	charon		12[ENC] <con30000|107578> parsed QUICK_MODE response 712735909 [ HASH SA No ID ID ]
    Nov 10 08:55:59	charon		12[NET] <con30000|107578> received packet: from z.z.z.z[500] to x.x.x.x[500] (172 bytes)
    Nov 10 08:55:59	charon		11[NET] <con30000|107578> sending packet: from x.x.x.x[500] to z.z.z.z[500] (188 bytes)
    Nov 10 08:55:59	charon		11[ENC] <con30000|107578> generating QUICK_MODE request 712735909 [ HASH SA No ID ID ]
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> 10.20.200.0/24|/0
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> proposing traffic selectors for other:
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> y.y.y.y/24|w.w.w.w/32
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> proposing traffic selectors for us:
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Nov 10 08:55:59	charon		11[CFG] <con30000|107578> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/NO_EXT_SEQ
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> activating QUICK_MODE task
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> activating new tasks
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> DPD not supported by peer, disabled
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> maximum IKE_SA lifetime 86199s
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> scheduling reauthentication in 85659s
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> IKE_SA con30000[107578] state change: CONNECTING => ESTABLISHED
    Nov 10 08:55:59	charon		11[IKE] <con30000|107578> IKE_SA con30000[107578] established between x.x.x.x[172.23.103.5]...z.z.z.z[z.z.z.z]
    Nov 10 08:55:59	charon		11[ENC] <con30000|107578> parsed ID_PROT response 0 [ ID HASH ]
    Nov 10 08:55:59	charon		11[NET] <con30000|107578> received packet: from z.z.z.z[500] to x.x.x.x[500] (76 bytes)
    Nov 10 08:55:59	charon		15[NET] <con30000|107578> sending packet: from x.x.x.x[500] to z.z.z.z[500] (108 bytes)
    Nov 10 08:55:59	charon		15[ENC] <con30000|107578> generating ID_PROT request 0 [ ID HASH N(INITIAL_CONTACT) ]
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> MAIN_MODE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> ISAKMP_VENDOR task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> reinitiating already active tasks
    Nov 10 08:55:59	charon		15[ENC] <con30000|107578> parsed ID_PROT response 0 [ KE No ]
    Nov 10 08:55:59	charon		15[NET] <con30000|107578> received packet: from z.z.z.z[500] to x.x.x.x[500] (184 bytes)
    Nov 10 08:55:59	charon		15[NET] <con30000|107578> sending packet: from x.x.x.x[500] to z.z.z.z[500] (196 bytes)
    Nov 10 08:55:59	charon		15[ENC] <con30000|107578> generating ID_PROT request 0 [ KE No ]
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> MAIN_MODE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> ISAKMP_VENDOR task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> reinitiating already active tasks
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> selected proposal: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> received proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> proposal matches
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> selecting proposal:
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> received FRAGMENTATION vendor ID
    Nov 10 08:55:59	charon		15[ENC] <con30000|107578> parsed ID_PROT response 0 [ SA V ]
    Nov 10 08:55:59	charon		15[NET] <con30000|107578> received packet: from z.z.z.z[500] to x.x.x.x[500] (108 bytes)
    Nov 10 08:55:59	charon		15[NET] <con30000|107578> sending packet: from x.x.x.x[500] to z.z.z.z[500] (184 bytes)
    Nov 10 08:55:59	charon		15[ENC] <con30000|107578> generating ID_PROT request 0 [ SA V V V V V ]
    Nov 10 08:55:59	charon		15[CFG] <con30000|107578> configured proposals: IKE:AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> IKE_SA con30000[107578] state change: CREATED => CONNECTING
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> initiating Main Mode IKE_SA con30000[107578] to z.z.z.z
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> sending draft-ietf-ipsec-nat-t-ike-02\n vendor ID
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> sending NAT-T (RFC 3947) vendor ID
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> sending FRAGMENTATION vendor ID
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> sending DPD vendor ID
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> sending XAuth vendor ID
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating ISAKMP_NATD task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating ISAKMP_CERT_POST task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating MAIN_MODE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating ISAKMP_CERT_PRE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating ISAKMP_VENDOR task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> activating new tasks
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing QUICK_MODE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing ISAKMP_NATD task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing ISAKMP_CERT_POST task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing MAIN_MODE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing ISAKMP_CERT_PRE task
    Nov 10 08:55:59	charon		15[IKE] <con30000|107578> queueing ISAKMP_VENDOR task
    

    What do they say when the tunnel is down?

    On this particular tunnel they send keep alive (I did a new post https://forum.pfsense.org/index.php?topic=120811.0 )
    Besides this, when the tunnel is down but I see it up, I see this: sending retransmit. Google says that is an issue of the "rekey" option. In my case some tunnels work better with "disable rekey" checked, some work better without "disable rekey" checked. Also I tried to look if DPD was a problem… but can't say with accuracy if it helped.

    Are both of your endpoints pfSense?

    No, none of them uses pfSense. The endpoints are from different manufacturers such as Cisco ASA, Check Point, Sonicwall and so on.

    When does the channel become unstable, after the 8 hour default re-authentication or just at any time?

    It happens randomly. I really can't tell you what the trigger is that makes them unstable. Some tunnels get unstable after minutes, some after hours, on utilizing the tunnel again. As I mentioned, the reconnect won't work until I restart the tunnel manually.

    If it is only some IKE channels being affected and all are configured the same (at the pfSense end) then it might suggest the other endpoint might have some configuration issues (old ACLs etc. causing issues). In the past I have found it easier to completely rebuild some endpoints to make sure old configurations weren't causing an issue.

    I tried this option several times but without success. And now nearly every tunnel has some issue; exceptionally, 3 or 4 work well. So I decided to change the most affected tunnel back to Cisco ASA.

    About the old ACLs etc. causing issues… I saw in pfSense the option to "configure Unique Ids as" under VPN / IPsec / Advanced Settings. Do you think this may cause issues as well? At the moment it is configured as default, "YES".


  • Netgate

    the tunnel is down (as i see on the remote site) but on the pfSense under Status / IPsec / Overview i see the tunnel up but only outgoing traffic.

    Why did the other side drop the tunnel? What is in the logs there? What hardware is on the other side?

    Is DPD enabled on that tunnel?

    I would concentrate on one tunnel that is problematic.



  • Why did the other side drop the tunnel? What is in the logs there?

    On the ASA I saw this log after the tunnel went down:

    4|Nov 10 2016|14:07:27|113019|||||Group = r.r.r.r, Username = r.r.r.r, IP = r.r.r.r, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:30m:25s, Bytes xmt: 406, Bytes rcv: 408, Reason: Idle Timeout
    

    I don't get why the session terminates only after 30min 25s when the lifetime is 600s.
    Also I ask myself why pfSense sends keep alive and why it tries 3 times to keep the tunnel alive.

    Here are the logs on the other end (HW: Cisco ASA 5505):

    6|Nov 10 2016|14:09:29|302016|r.r.r.r|4500|x.x.x.x|4500|Teardown UDP connection 26009 for Internet_Network:r.r.r.r/4500 to identity:x.x.x.x/4500 duration 0:32:27 bytes 9869
    6|Nov 10 2016|14:08:07|106015|z.z.z.z|49446|x.x.x.x|443|Deny TCP (no connection) from z.z.z.z/49446 to x.x.x.x/443 flags FIN ACK  on interface Internet_Network
    6|Nov 10 2016|14:08:07|302014|z.z.z.z|49446|x.x.x.x|443|Teardown TCP connection 26016 for Internet_Network:z.z.z.z/49446 to identity:x.x.x.x/443 duration 0:00:00 bytes 393 TCP Reset-O
    6|Nov 10 2016|14:08:07|725007|z.z.z.z|49446|||SSL session with client Internet_Network:z.z.z.z/49446 terminated.
    6|Nov 10 2016|14:08:07|605005|z.z.z.z|49446|x.x.x.x|https|Login permitted from z.z.z.z/49446 to Internet_Network:x.x.x.x/https for user "enable_15"
    6|Nov 10 2016|14:08:07|725002|z.z.z.z|49446|||Device completed SSL handshake with client Internet_Network:z.z.z.z/49446
    6|Nov 10 2016|14:08:07|725003|z.z.z.z|49446|||SSL client Internet_Network:z.z.z.z/49446 request to resume previous session.
    6|Nov 10 2016|14:08:07|725001|z.z.z.z|49446|||Starting SSL handshake with client Internet_Network:z.z.z.z/49446 for TLSv1 session.
    6|Nov 10 2016|14:08:07|302013|z.z.z.z|49446|x.x.x.x|443|Built inbound TCP connection 26016 for Internet_Network:z.z.z.z/49446 (z.z.z.z/49446) to identity:x.x.x.x/443 (x.x.x.x/443)
    6|Nov 10 2016|14:08:07|106015|z.z.z.z|49445|x.x.x.x|443|Deny TCP (no connection) from z.z.z.z/49445 to x.x.x.x/443 flags FIN ACK  on interface Internet_Network
    6|Nov 10 2016|14:08:07|302014|z.z.z.z|49445|x.x.x.x|443|Teardown TCP connection 26015 for Internet_Network:z.z.z.z/49445 to identity:x.x.x.x/443 duration 0:00:00 bytes 1161 TCP Reset-O
    6|Nov 10 2016|14:08:07|725007|z.z.z.z|49445|||SSL session with client Internet_Network:z.z.z.z/49445 terminated.
    6|Nov 10 2016|14:08:07|605005|z.z.z.z|49445|x.x.x.x|https|Login permitted from z.z.z.z/49445 to Internet_Network:x.x.x.x/https for user "enable_15"
    6|Nov 10 2016|14:08:07|725002|z.z.z.z|49445|||Device completed SSL handshake with client Internet_Network:z.z.z.z/49445
    6|Nov 10 2016|14:08:07|725003|z.z.z.z|49445|||SSL client Internet_Network:z.z.z.z/49445 request to resume previous session.
    6|Nov 10 2016|14:08:07|725001|z.z.z.z|49445|||Starting SSL handshake with client Internet_Network:z.z.z.z/49445 for TLSv1 session.
    6|Nov 10 2016|14:08:07|302013|z.z.z.z|49445|x.x.x.x|443|Built inbound TCP connection 26015 for Internet_Network:z.z.z.z/49445 (z.z.z.z/49445) to identity:x.x.x.x/443 (x.x.x.x/443)
    6|Nov 10 2016|14:08:07|106015|z.z.z.z|49444|x.x.x.x|443|Deny TCP (no connection) from z.z.z.z/49444 to x.x.x.x/443 flags FIN ACK  on interface Internet_Network
    6|Nov 10 2016|14:08:07|302014|z.z.z.z|49444|x.x.x.x|443|Teardown TCP connection 26014 for Internet_Network:z.z.z.z/49444 to identity:x.x.x.x/443 duration 0:00:00 bytes 1294 TCP Reset-O
    6|Nov 10 2016|14:08:07|725007|z.z.z.z|49444|||SSL session with client Internet_Network:z.z.z.z/49444 terminated.
    6|Nov 10 2016|14:08:07|605005|z.z.z.z|49444|x.x.x.x|https|Login permitted from z.z.z.z/49444 to Internet_Network:x.x.x.x/https for user "enable_15"
    6|Nov 10 2016|14:08:07|725002|z.z.z.z|49444|||Device completed SSL handshake with client Internet_Network:z.z.z.z/49444
    6|Nov 10 2016|14:08:07|106015|z.z.z.z|49443|x.x.x.x|443|Deny TCP (no connection) from z.z.z.z/49443 to x.x.x.x/443 flags FIN ACK  on interface Internet_Network
    6|Nov 10 2016|14:08:07|302014|z.z.z.z|49443|x.x.x.x|443|Teardown TCP connection 26013 for Internet_Network:z.z.z.z/49443 to identity:x.x.x.x/443 duration 0:00:00 bytes 2062 TCP Reset-O
    6|Nov 10 2016|14:08:07|725007|z.z.z.z|49443|||SSL session with client Internet_Network:z.z.z.z/49443 terminated.
    6|Nov 10 2016|14:08:07|605005|z.z.z.z|49443|x.x.x.x|https|Login permitted from z.z.z.z/49443 to Internet_Network:x.x.x.x/https for user "enable_15"
    6|Nov 10 2016|14:08:07|725002|z.z.z.z|49443|||Device completed SSL handshake with client Internet_Network:z.z.z.z/49443
    6|Nov 10 2016|14:08:07|725001|z.z.z.z|49444|||Starting SSL handshake with client Internet_Network:z.z.z.z/49444 for TLSv1 session.
    6|Nov 10 2016|14:08:07|302013|z.z.z.z|49444|x.x.x.x|443|Built inbound TCP connection 26014 for Internet_Network:z.z.z.z/49444 (z.z.z.z/49444) to identity:x.x.x.x/443 (x.x.x.x/443)
    6|Nov 10 2016|14:08:07|725001|z.z.z.z|49443|||Starting SSL handshake with client Internet_Network:z.z.z.z/49443 for TLSv1 session.
    6|Nov 10 2016|14:08:07|302013|z.z.z.z|49443|x.x.x.x|443|Built inbound TCP connection 26013 for Internet_Network:z.z.z.z/49443 (z.z.z.z/49443) to identity:x.x.x.x/443 (x.x.x.x/443)
    2|Nov 10 2016|14:07:57|321006|||||System Memory usage reached 87%
    6|Nov 10 2016|14:07:27|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x5502FDDA) between r.r.r.r and x.x.x.x (user= r.r.r.r) has been deleted.
    6|Nov 10 2016|14:07:27|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xC849C2F7) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been deleted.
    5|Nov 10 2016|14:07:27|713050|||||Group = r.r.r.r, IP = r.r.r.r, Connection terminated for peer r.r.r.r.  Reason: IPSec SA Idle Timeout  Remote Proxy n.n.n.n, Local Proxy s.s.s.s
    4|Nov 10 2016|14:07:27|113019|||||Group = r.r.r.r, Username = r.r.r.r, IP = r.r.r.r, Session disconnected. Session Type: LAN-to-LAN, Duration: 0h:30m:25s, Bytes xmt: 406, Bytes rcv: 408, Reason: Idle Timeout
    5|Nov 10 2016|14:07:27|713259|||||Group = r.r.r.r, IP = r.r.r.r, Session is being torn down. Reason: Idle Timeout
    5|Nov 10 2016|14:07:02|713119|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 1 COMPLETED
    6|Nov 10 2016|14:07:02|713172|||||Group = r.r.r.r, IP = r.r.r.r, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
    5|Nov 10 2016|14:07:02|713041|||||IP = r.r.r.r, IKE Initiator: Rekeying Phase 1, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0,  Crypto map (N/A)
    6|Nov 10 2016|14:03:31|302010|||||3 in use, 9 most used
    6|Nov 10 2016|14:03:02|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0xA6CD8BE9) between r.r.r.r and x.x.x.x (user= r.r.r.r) has been deleted.
    6|Nov 10 2016|14:03:02|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xCC5FECED) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been deleted.
    2|Nov 10 2016|14:02:57|321006|||||System Memory usage reached 87%
    3|Nov 10 2016|14:02:37|313001|a.a.a.a||||Denied ICMP type=9, code=0 from a.a.a.a on interface Endpoint_Network
    5|Nov 10 2016|14:02:32|713120|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 2 COMPLETED (msgid=8e8ff814)
    6|Nov 10 2016|14:02:32|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x5502FDDA) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|14:02:32|713049|||||Group = r.r.r.r, IP = r.r.r.r, Security negotiation complete for LAN-to-LAN Group (r.r.r.r)  Initiator, Inbound SPI = 0x5502fdda, Outbound SPI = 0xc849c2f7
    6|Nov 10 2016|14:02:32|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xC849C2F7) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|14:02:32|713041|||||Group = r.r.r.r, IP = r.r.r.r, IKE Initiator: Rekeying Phase 2, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address s.s.s.s, remote Proxy Address n.n.n.n,  Crypto map (Internet_Network_map)
    5|Nov 10 2016|13:59:32|713119|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 1 COMPLETED
    6|Nov 10 2016|13:59:32|713172|||||Group = r.r.r.r, IP = r.r.r.r, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
    5|Nov 10 2016|13:59:32|713041|||||IP = r.r.r.r, IKE Initiator: Rekeying Phase 1, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0,  Crypto map (N/A)
    2|Nov 10 2016|13:57:57|321006|||||System Memory usage reached 87%
    6|Nov 10 2016|13:56:41|302016|y.y.y.y|123|x.x.x.x|65535|Teardown UDP connection 26012 for Internet_Network:y.y.y.y/123 to identity:x.x.x.x/65535 duration 0:02:02 bytes 96
    6|Nov 10 2016|13:54:38|302015|x.x.x.x|65535|y.y.y.y|123|Built outbound UDP connection 26012 for Internet_Network:y.y.y.y/123 (y.y.y.y/123) to identity:x.x.x.x/65535 (x.x.x.x/65535)
    6|Nov 10 2016|13:54:32|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x9209869F) between r.r.r.r and x.x.x.x (user= r.r.r.r) has been deleted.
    6|Nov 10 2016|13:54:32|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xCCCCBD1F) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been deleted.
    5|Nov 10 2016|13:54:02|713120|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 2 COMPLETED (msgid=4ee14563)
    6|Nov 10 2016|13:54:02|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0xA6CD8BE9) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    6|Nov 10 2016|13:54:02|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xCC5FECED) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|13:54:02|713049|||||Group = r.r.r.r, IP = r.r.r.r, Security negotiation complete for LAN-to-LAN Group (r.r.r.r)  Initiator, Inbound SPI = 0xa6cd8be9, Outbound SPI = 0xcc5feced
    5|Nov 10 2016|13:54:02|713041|||||Group = r.r.r.r, IP = r.r.r.r, IKE Initiator: Rekeying Phase 2, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address s.s.s.s, remote Proxy Address n.n.n.n,  Crypto map (Internet_Network_map)
    3|Nov 10 2016|13:54:00|313001|a.a.a.a||||Denied ICMP type=9, code=0 from a.a.a.a on interface Endpoint_Network
    6|Nov 10 2016|13:53:27|302010|||||3 in use, 9 most used
    2|Nov 10 2016|13:52:57|321006|||||System Memory usage reached 87%
    5|Nov 10 2016|13:52:02|713119|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 1 COMPLETED
    6|Nov 10 2016|13:52:02|713172|||||Group = r.r.r.r, IP = r.r.r.r, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
    5|Nov 10 2016|13:52:02|713041|||||IP = r.r.r.r, IKE Initiator: Rekeying Phase 1, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0,  Crypto map (N/A)
    2|Nov 10 2016|13:47:57|321006|||||System Memory usage reached 87%
    6|Nov 10 2016|13:46:01|602304|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0xA3135448) between r.r.r.r and x.x.x.x (user= r.r.r.r) has been deleted.
    6|Nov 10 2016|13:46:01|602304|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xC0D62FF4) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been deleted.
    5|Nov 10 2016|13:45:32|713120|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 2 COMPLETED (msgid=4eae9738)
    6|Nov 10 2016|13:45:32|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0x9209869F) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    6|Nov 10 2016|13:45:32|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xCCCCBD1F) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|13:45:32|713049|||||Group = r.r.r.r, IP = r.r.r.r, Security negotiation complete for LAN-to-LAN Group (r.r.r.r)  Initiator, Inbound SPI = 0x9209869f, Outbound SPI = 0xccccbd1f
    5|Nov 10 2016|13:45:31|713041|||||Group = r.r.r.r, IP = r.r.r.r, IKE Initiator: Rekeying Phase 2, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address s.s.s.s, remote Proxy Address n.n.n.n,  Crypto map (Internet_Network_map)
    5|Nov 10 2016|13:44:32|713119|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 1 COMPLETED
    6|Nov 10 2016|13:44:31|713172|||||Group = r.r.r.r, IP = r.r.r.r, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
    5|Nov 10 2016|13:44:31|713041|||||IP = r.r.r.r, IKE Initiator: Rekeying Phase 1, Intf Internet_Network, IKE Peer r.r.r.r  local Proxy Address 0.0.0.0, remote Proxy Address 0.0.0.0,  Crypto map (N/A)
    3|Nov 10 2016|13:44:19|313001|a.a.a.a||||Denied ICMP type=9, code=0 from a.a.a.a on interface Endpoint_Network
    6|Nov 10 2016|13:43:24|302010|||||3 in use, 9 most used
    2|Nov 10 2016|13:42:57|321006|||||System Memory usage reached 87%
    6|Nov 10 2016|13:39:36|302016|y.y.y.y|123|x.x.x.x|65535|Teardown UDP connection 26011 for Internet_Network:y.y.y.y/123 to identity:x.x.x.x/65535 duration 0:02:02 bytes 96
    6|Nov 10 2016|13:39:04|302016|r.r.r.r|500|x.x.x.x|500|Teardown UDP connection 26008 for Internet_Network:r.r.r.r/500 to identity:x.x.x.x/500 duration 0:02:02 bytes 848
    2|Nov 10 2016|13:37:57|321006|||||System Memory usage reached 87%
    6|Nov 10 2016|13:37:47|305012|n.n.n.n|49175|d.d.d.d|49175|Teardown dynamic TCP translation from Internet_Network:n.n.n.n/49175 to Endpoint_Network:d.d.d.d/49175 duration 0:00:42
    6|Nov 10 2016|13:37:34|302015|x.x.x.x|65535|y.y.y.y|123|Built outbound UDP connection 26011 for Internet_Network:y.y.y.y/123 (y.y.y.y/123) to identity:x.x.x.x/65535 (x.x.x.x/65535)
    6|Nov 10 2016|13:37:16|302014|192.9.200.100|23|n.n.n.n|49175|Teardown TCP connection 26010 for Endpoint_Network:192.9.200.100/23 to Internet_Network:n.n.n.n/49175 duration 0:00:11 bytes 110 TCP FINs
    6|Nov 10 2016|13:37:04|302013|n.n.n.n|49175|192.9.200.100|23|Built outbound TCP connection 26010 for Endpoint_Network:192.9.200.100/23 (192.9.200.100/23) to Internet_Network:n.n.n.n/49175 (d.d.d.d/49175)
    6|Nov 10 2016|13:37:04|305011|n.n.n.n|49175|d.d.d.d|49175|Built dynamic TCP translation from Internet_Network:n.n.n.n/49175 to Endpoint_Network:d.d.d.d/49175
    5|Nov 10 2016|13:37:01|713120|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 2 COMPLETED (msgid=c73b9bf2)
    6|Nov 10 2016|13:37:01|602303|||||IPSEC: An inbound LAN-to-LAN SA (SPI= 0xA3135448) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|13:37:01|713049|||||Group = r.r.r.r, IP = r.r.r.r, Security negotiation complete for LAN-to-LAN Group (r.r.r.r)  Responder, Inbound SPI = 0xa3135448, Outbound SPI = 0xc0d62ff4
    6|Nov 10 2016|13:37:01|602303|||||IPSEC: An outbound LAN-to-LAN SA (SPI= 0xC0D62FF4) between x.x.x.x and r.r.r.r (user= r.r.r.r) has been created.
    5|Nov 10 2016|13:37:01|713076|||||Group = r.r.r.r, IP = r.r.r.r, Overriding Initiator's IPSec rekeying duration from 0 to 4608000 Kbs
    5|Nov 10 2016|13:37:01|713075|||||Group = r.r.r.r, IP = r.r.r.r, Overriding Initiator's IPSec rekeying duration from 0 to 600 seconds
    5|Nov 10 2016|13:37:01|713119|||||Group = r.r.r.r, IP = r.r.r.r, PHASE 1 COMPLETED
    6|Nov 10 2016|13:37:01|113009|||||AAA retrieved default group policy (GroupPolicy_r.r.r.r) for user = r.r.r.r
    6|Nov 10 2016|13:37:01|713905|||||Group = r.r.r.r, IP = r.r.r.r, Floating NAT-T from r.r.r.r port 500 to r.r.r.r port 4500
    6|Nov 10 2016|13:37:01|713172|||||Group = r.r.r.r, IP = r.r.r.r, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT device
    6|Nov 10 2016|13:37:01|302015|r.r.r.r|4500|x.x.x.x|4500|Built inbound UDP connection 26009 for Internet_Network:r.r.r.r/4500 (r.r.r.r/4500) to identity:x.x.x.x/4500 (x.x.x.x/4500)
    6|Nov 10 2016|13:37:01|302015|r.r.r.r|500|x.x.x.x|500|Built inbound UDP connection 26008 for Internet_Network:r.r.r.r/500 (r.r.r.r/500) to identity:x.x.x.x/500 (x.x.x.x/500)
    

    The same log on the pfSense:

    Nov 10 14:07:27	charon		08[IKE] <con11000|108034> IKE_SA con11000[108034] state change: DELETING => DESTROYING
    Nov 10 14:07:27	charon		08[IKE] <con11000|108034> IKE_SA con11000[108034] state change: DELETING => DELETING
    Nov 10 14:07:27	charon		08[IKE] <con11000|108034> IKE_SA con11000[108034] state change: ESTABLISHED => DELETING
    Nov 10 14:07:27	charon		08[IKE] <con11000|108034> deleting IKE_SA con11000[108034] between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 14:07:27	charon		08[IKE] <con11000|108034> received DELETE for IKE_SA con11000[108034]
    Nov 10 14:07:27	charon		08[ENC] <con11000|108034> parsed INFORMATIONAL_V1 request 3508151741 [ HASH D ]
    Nov 10 14:07:27	charon		08[NET] <con11000|108034> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (92 bytes)
    Nov 10 14:07:27	charon		05[IKE] <con11000|108034> closing CHILD_SA con11000{68429} with SPIs c849c2f7_i (0 bytes) 5502fdda_o (0 bytes) and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 14:07:27	charon		05[IKE] <con11000|108034> received DELETE for ESP CHILD_SA with SPI 5502fdda
    Nov 10 14:07:27	charon		05[ENC] <con11000|108034> parsed INFORMATIONAL_V1 request 2213762896 [ HASH D ]
    Nov 10 14:07:27	charon		05[NET] <con11000|108034> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 14:07:22	charon		14[IKE] <con11000|108034> sending keep alive to p.p.p.p[4500]
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> IKE_SA con11000[108023] state change: DELETING => DESTROYING
    Nov 10 14:07:12	charon		15[NET] <con11000|108023> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (92 bytes)
    Nov 10 14:07:12	charon		15[ENC] <con11000|108023> generating INFORMATIONAL_V1 request 733948215 [ HASH D ]
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> IKE_SA con11000[108023] state change: ESTABLISHED => DELETING
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> sending DELETE for IKE_SA con11000[108023]
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> deleting IKE_SA con11000[108023] between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> activating ISAKMP_DELETE task
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> activating new tasks
    Nov 10 14:07:12	charon		15[IKE] <con11000|108023> queueing ISAKMP_DELETE task
    Nov 10 14:07:02	charon		06[NET] <con11000|108034> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (76 bytes)
    Nov 10 14:07:02	charon		06[ENC] <con11000|108034> generating ID_PROT response 0 [ ID HASH ]
    Nov 10 14:07:02	charon		06[IKE] <con11000|108034> IKE_SA con11000[108034] state change: CONNECTING => ESTABLISHED
    Nov 10 14:07:02	charon		06[IKE] <con11000|108034> IKE_SA con11000[108034] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 14:07:02	charon		06[IKE] <con11000|108023> detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
    Nov 10 14:07:02	charon		06[CFG] <108034> selected peer config "con11000"
    Nov 10 14:07:02	charon		06[CFG] <108034> candidate "con11000", match: 1/20/3100 (me/other/ike)
    Nov 10 14:07:02	charon		06[CFG] <108034> candidate "con11000", match: 1/1/3100 (me/other/ike)
    Nov 10 14:06:55	charon		13[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:06:35	charon		10[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:06:15	charon		08[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:05:55	charon		05[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:05:35	charon		07[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:05:15	charon		08[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:04:55	charon		10[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:04:35	charon		13[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:04:15	charon		14[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:03:55	charon		05[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:03:35	charon		08[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:03:15	charon		12[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:03:02	charon		10[IKE] <con11000|108023> closing CHILD_SA con11000{68422} with SPIs cc5feced_i (0 bytes) a6cd8be9_o (0 bytes) and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 14:03:02	charon		10[IKE] <con11000|108023> received DELETE for ESP CHILD_SA with SPI a6cd8be9
    Nov 10 14:03:02	charon		10[ENC] <con11000|108023> parsed INFORMATIONAL_V1 request 2111878595 [ HASH D ]
    Nov 10 14:03:02	charon		10[NET] <con11000|108023> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 14:02:55	charon		14[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> CHILD_SA con11000{68429} established with SPIs c849c2f7_i 5502fdda_o and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> SPI 0x5502fdda, src l.l.l.l dst p.p.p.p
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> adding outbound ESP SA
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> SPI 0xc849c2f7, src p.p.p.p dst l.l.l.l
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> adding inbound ESP SA
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> using HMAC_SHA1_96 for integrity
    Nov 10 14:02:32	charon		10[CHD] <con11000|108023> using AES_CBC for encryption
    Nov 10 14:02:32	charon		10[ENC] <con11000|108023> parsed QUICK_MODE request 2391799828 [ HASH ]
    Nov 10 14:02:32	charon		10[NET] <con11000|108023> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 14:02:32	charon		10[NET] <con11000|108023> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (332 bytes)
    Nov 10 14:02:32	charon		10[ENC] <con11000|108023> generating QUICK_MODE response 2391799828 [ HASH SA No KE ID ID ]
    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> detected rekeying of CHILD_SA con11000{68422}
    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> received 4608000000 lifebytes, configured 0
    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> received 600s lifetime, configured 0s
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> proposal matches
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> selecting proposal:
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> config: n.n.n.n/32|m.m.m.m/32, received: n.n.n.n/32|/0 => match: n.n.n.n/32|m.m.m.m/32
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> selecting traffic selectors for us:
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> config: s.s.s.s/28|/0, received: s.s.s.s/28|/0 => match: s.s.s.s/28|/0
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> selecting traffic selectors for other:
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> found matching child config "con11000" with prio 10
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> candidate "con11000" with prio 5+5
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> s.s.s.s/28|/0
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> proposing traffic selectors for other:
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> n.n.n.n/32|m.m.m.m/32
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> proposing traffic selectors for us:
    Nov 10 14:02:32	charon		10[CFG] <con11000|108023> looking for a child config for n.n.n.n/32|/0 === s.s.s.s/28|/0
    Nov 10 14:02:32	charon		10[ENC] <con11000|108023> parsed QUICK_MODE request 2391799828 [ HASH SA No KE ID ID ]
    Nov 10 14:02:32	charon		10[NET] <con11000|108023> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (316 bytes)
    Nov 10 14:02:12	charon		05[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:01:52	charon		11[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:01:32	charon		10[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:01:12	charon		07[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:00:52	charon		11[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:00:32	charon		05[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 14:00:12	charon		07[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 13:59:52	charon		07[IKE] <con11000|108023> sending keep alive to p.p.p.p[4500]
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> IKE_SA con11000[108010] state change: DELETING => DESTROYING
    Nov 10 13:59:42	charon		15[NET] <con11000|108010> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (92 bytes)
    Nov 10 13:59:42	charon		15[ENC] <con11000|108010> generating INFORMATIONAL_V1 request 1160198279 [ HASH D ]
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> IKE_SA con11000[108010] state change: ESTABLISHED => DELETING
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> sending DELETE for IKE_SA con11000[108010]
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> deleting IKE_SA con11000[108010] between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> activating ISAKMP_DELETE task
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> activating new tasks
    Nov 10 13:59:42	charon		15[IKE] <con11000|108010> queueing ISAKMP_DELETE task
    Nov 10 13:59:32	charon		14[NET] <con11000|108023> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (76 bytes)
    Nov 10 13:59:32	charon		14[ENC] <con11000|108023> generating ID_PROT response 0 [ ID HASH ]
    Nov 10 13:59:32	charon		14[IKE] <con11000|108023> IKE_SA con11000[108023] state change: CONNECTING => ESTABLISHED
    Nov 10 13:59:32	charon		14[IKE] <con11000|108023> IKE_SA con11000[108023] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:59:32	charon		14[IKE] <con11000|108010> detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
    Nov 10 13:59:32	charon		14[CFG] <108023> selected peer config "con11000"
    Nov 10 13:59:32	charon		14[CFG] <108023> candidate "con11000", match: 1/20/3100 (me/other/ike)
    Nov 10 13:59:32	charon		14[CFG] <108023> candidate "con11000", match: 1/1/3100 (me/other/ike)
    Nov 10 13:59:26	charon		08[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:59:06	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:58:46	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:58:26	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:58:06	charon		12[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:57:46	charon		09[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:57:26	charon		13[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:57:06	charon		08[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:56:46	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:56:26	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:56:06	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:55:46	charon		11[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:55:26	charon		13[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:55:06	charon		16[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:54:46	charon		05[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:54:32	charon		15[IKE] <con11000|108010> closing CHILD_SA con11000{68415} with SPIs ccccbd1f_i (0 bytes) 9209869f_o (0 bytes) and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 13:54:32	charon		15[IKE] <con11000|108010> received DELETE for ESP CHILD_SA with SPI 9209869f
    Nov 10 13:54:32	charon		15[ENC] <con11000|108010> parsed INFORMATIONAL_V1 request 3551107460 [ HASH D ]
    Nov 10 13:54:32	charon		15[NET] <con11000|108010> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 13:54:26	charon		14[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:54:02	charon		05[IKE] <con11000|108010> CHILD_SA con11000{68422} established with SPIs cc5feced_i a6cd8be9_o and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> SPI 0xa6cd8be9, src l.l.l.l dst p.p.p.p
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> adding outbound ESP SA
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> SPI 0xcc5feced, src p.p.p.p dst l.l.l.l
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> adding inbound ESP SA
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> using HMAC_SHA1_96 for integrity
    Nov 10 13:54:02	charon		05[CHD] <con11000|108010> using AES_CBC for encryption
    Nov 10 13:54:02	charon		05[ENC] <con11000|108010> parsed QUICK_MODE request 1323386211 [ HASH ]
    Nov 10 13:54:02	charon		05[NET] <con11000|108010> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 13:54:02	charon		05[NET] <con11000|108010> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (332 bytes)
    Nov 10 13:54:02	charon		05[ENC] <con11000|108010> generating QUICK_MODE response 1323386211 [ HASH SA No KE ID ID ]
    Nov 10 13:54:02	charon		05[IKE] <con11000|108010> detected rekeying of CHILD_SA con11000{68415}
    Nov 10 13:54:02	charon		05[IKE] <con11000|108010> received 4608000000 lifebytes, configured 0
    Nov 10 13:54:02	charon		05[IKE] <con11000|108010> received 600s lifetime, configured 0s
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> proposal matches
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> selecting proposal:
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> config: n.n.n.n/32|m.m.m.m/32, received: n.n.n.n/32|/0 => match: n.n.n.n/32|m.m.m.m/32
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> selecting traffic selectors for us:
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> config: s.s.s.s/28|/0, received: s.s.s.s/28|/0 => match: s.s.s.s/28|/0
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> selecting traffic selectors for other:
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> found matching child config "con11000" with prio 10
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> candidate "con11000" with prio 5+5
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> s.s.s.s/28|/0
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> proposing traffic selectors for other:
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> n.n.n.n/32|m.m.m.m/32
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> proposing traffic selectors for us:
    Nov 10 13:54:02	charon		05[CFG] <con11000|108010> looking for a child config for n.n.n.n/32|/0 === s.s.s.s/28|/0
    Nov 10 13:54:02	charon		05[ENC] <con11000|108010> parsed QUICK_MODE request 1323386211 [ HASH SA No KE ID ID ]
    Nov 10 13:54:02	charon		05[NET] <con11000|108010> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (316 bytes)
    Nov 10 13:53:42	charon		05[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:53:22	charon		11[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:53:02	charon		15[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:52:42	charon		08[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:52:22	charon		09[IKE] <con11000|108010> sending keep alive to p.p.p.p[4500]
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> IKE_SA con11000[107997] state change: DELETING => DESTROYING
    Nov 10 13:52:12	charon		07[NET] <con11000|107997> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (92 bytes)
    Nov 10 13:52:12	charon		07[ENC] <con11000|107997> generating INFORMATIONAL_V1 request 4029578563 [ HASH D ]
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> IKE_SA con11000[107997] state change: ESTABLISHED => DELETING
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> sending DELETE for IKE_SA con11000[107997]
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> deleting IKE_SA con11000[107997] between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> activating ISAKMP_DELETE task
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> activating new tasks
    Nov 10 13:52:12	charon		07[IKE] <con11000|107997> queueing ISAKMP_DELETE task
    Nov 10 13:52:02	charon		10[NET] <con11000|108010> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (76 bytes)
    Nov 10 13:52:02	charon		10[ENC] <con11000|108010> generating ID_PROT response 0 [ ID HASH ]
    Nov 10 13:52:02	charon		10[IKE] <con11000|108010> IKE_SA con11000[108010] state change: CONNECTING => ESTABLISHED
    Nov 10 13:52:02	charon		10[IKE] <con11000|108010> IKE_SA con11000[108010] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:52:02	charon		10[IKE] <con11000|107997> detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
    Nov 10 13:52:02	charon		10[CFG] <108010> selected peer config "con11000"
    Nov 10 13:52:02	charon		10[CFG] <108010> candidate "con11000", match: 1/20/3100 (me/other/ike)
    Nov 10 13:52:02	charon		11[CFG] <108010> candidate "con11000", match: 1/1/3100 (me/other/ike)
    Nov 10 13:51:56	charon		05[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:51:36	charon		11[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:51:16	charon		10[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:50:56	charon		12[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:50:36	charon		05[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:50:16	charon		06[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:49:56	charon		11[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:49:36	charon		07[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:49:16	charon		09[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:48:56	charon		08[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:48:36	charon		13[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:48:16	charon		07[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:47:56	charon		16[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:47:36	charon		10[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:47:16	charon		16[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:46:56	charon		14[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:46:36	charon		09[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:46:16	charon		16[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:46:02	charon		16[IKE] <con11000|107997> closing CHILD_SA con11000{68405} with SPIs c0d62ff4_i (406 bytes) a3135448_o (984 bytes) and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 13:46:02	charon		16[IKE] <con11000|107997> received DELETE for ESP CHILD_SA with SPI a3135448
    Nov 10 13:46:02	charon		16[ENC] <con11000|107997> parsed INFORMATIONAL_V1 request 2348753231 [ HASH D ]
    Nov 10 13:46:02	charon		16[NET] <con11000|107997> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 13:45:56	charon		05[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:45:32	charon		10[IKE] <con11000|107997> CHILD_SA con11000{68415} established with SPIs ccccbd1f_i 9209869f_o and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> SPI 0x9209869f, src l.l.l.l dst p.p.p.p
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> adding outbound ESP SA
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> SPI 0xccccbd1f, src p.p.p.p dst l.l.l.l
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> adding inbound ESP SA
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> using HMAC_SHA1_96 for integrity
    Nov 10 13:45:32	charon		10[CHD] <con11000|107997> using AES_CBC for encryption
    Nov 10 13:45:32	charon		10[ENC] <con11000|107997> parsed QUICK_MODE request 1320064824 [ HASH ]
    Nov 10 13:45:32	charon		10[NET] <con11000|107997> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (76 bytes)
    Nov 10 13:45:32	charon		07[NET] <con11000|107997> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (332 bytes)
    Nov 10 13:45:32	charon		07[ENC] <con11000|107997> generating QUICK_MODE response 1320064824 [ HASH SA No KE ID ID ]
    Nov 10 13:45:32	charon		07[IKE] <con11000|107997> detected rekeying of CHILD_SA con11000{68405}
    Nov 10 13:45:32	charon		07[IKE] <con11000|107997> received 4608000000 lifebytes, configured 0
    Nov 10 13:45:32	charon		07[IKE] <con11000|107997> received 600s lifetime, configured 0s
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> selected proposal: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> configured proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> received proposals: ESP:AES_CBC_256/HMAC_SHA1_96/MODP_1024/NO_EXT_SEQ
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> proposal matches
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> selecting proposal:
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> config: n.n.n.n/32|m.m.m.m/32, received: n.n.n.n/32|/0 => match: n.n.n.n/32|m.m.m.m/32
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> selecting traffic selectors for us:
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> config: s.s.s.s/28|/0, received: s.s.s.s/28|/0 => match: s.s.s.s/28|/0
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> selecting traffic selectors for other:
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> found matching child config "con11000" with prio 10
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> candidate "con11000" with prio 5+5
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> s.s.s.s/28|/0
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> proposing traffic selectors for other:
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> n.n.n.n/32|m.m.m.m/32
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> proposing traffic selectors for us:
    Nov 10 13:45:32	charon		07[CFG] <con11000|107997> looking for a child config for n.n.n.n/32|/0 === s.s.s.s/28|/0
    Nov 10 13:45:32	charon		07[ENC] <con11000|107997> parsed QUICK_MODE request 1320064824 [ HASH SA No KE ID ID ]
    Nov 10 13:45:32	charon		07[NET] <con11000|107997> received packet: from p.p.p.p[4500] to l.l.l.l[4500] (316 bytes)
    Nov 10 13:45:12	charon		09[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:44:51	charon		08[IKE] <con11000|107997> sending keep alive to p.p.p.p[4500]
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> IKE_SA con11000[107984] state change: DELETING => DESTROYING
    Nov 10 13:44:42	charon		16[NET] <con11000|107984> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (92 bytes)
    Nov 10 13:44:42	charon		16[ENC] <con11000|107984> generating INFORMATIONAL_V1 request 3797664847 [ HASH D ]
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> IKE_SA con11000[107984] state change: ESTABLISHED => DELETING
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> sending DELETE for IKE_SA con11000[107984]
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> deleting IKE_SA con11000[107984] between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> activating ISAKMP_DELETE task
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> activating new tasks
    Nov 10 13:44:42	charon		16[IKE] <con11000|107984> queueing ISAKMP_DELETE task
    Nov 10 13:44:37	charon		08[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:44:31	charon		08[NET] <con11000|107997> sending packet: from l.l.l.l[4500] to p.p.p.p[4500] (76 bytes)
    Nov 10 13:44:31	charon		08[ENC] <con11000|107997> generating ID_PROT response 0 [ ID HASH ]
    Nov 10 13:44:31	charon		08[IKE] <con11000|107997> IKE_SA con11000[107997] state change: CONNECTING => ESTABLISHED
    Nov 10 13:44:31	charon		08[IKE] <con11000|107997> IKE_SA con11000[107997] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
    Nov 10 13:44:31	charon		08[IKE] <con11000|107984> detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
    Nov 10 13:44:31	charon		08[CFG] <107997> selected peer config "con11000"
    Nov 10 13:44:31	charon		08[CFG] <107997> candidate "con11000", match: 1/20/3100 (me/other/ike)
    Nov 10 13:44:31	charon		08[CFG] <107997> candidate "con11000", match: 1/1/3100 (me/other/ike)
    Nov 10 13:44:17	charon		16[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:43:57	charon		08[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:43:37	charon		09[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:43:17	charon		11[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:42:57	charon		12[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:42:37	charon		13[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:42:17	charon		07[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:41:57	charon		05[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:41:37	charon		06[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:41:17	charon		05[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:40:57	charon		06[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:40:37	charon		05[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:40:17	charon		16[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    Nov 10 13:39:57	charon		05[IKE] <con11000|107984> sending keep alive to p.p.p.p[4500]
    

    Why is this entry on the pfSense:

    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> received 4608000000 lifebytes, configured 0
    Nov 10 14:02:32	charon		10[IKE] <con11000|108023> received 600s lifetime, configured 0s
    

    DPD is disabled because I want the tunnel to shut down after 600s (for testing the tunnel for our implemented alarm); on the other site DPD is enabled.
    "Disable rekey" is checked.
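
Added example, not part of the original post: one way to turn a charon log like the one above into a per-SA timeline showing when each IKE_SA and CHILD_SA came up, how long it lived, and which side sent the DELETE. The sample lines are excerpted from the log above with whitespace normalized; the function names and the default year 2016 (taken from the date in the ASA log) are choices made for this example.

```python
import re
from datetime import datetime

# Excerpt of the charon log from the post above, newest entry first as pfSense shows it.
SAMPLE = """\
Nov 10 14:07:27 charon 08[IKE] <con11000|108034> received DELETE for IKE_SA con11000[108034]
Nov 10 14:07:27 charon 05[IKE] <con11000|108034> closing CHILD_SA con11000{68429} with SPIs c849c2f7_i (0 bytes) 5502fdda_o (0 bytes) and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
Nov 10 14:07:27 charon 05[IKE] <con11000|108034> received DELETE for ESP CHILD_SA with SPI 5502fdda
Nov 10 14:07:12 charon 15[IKE] <con11000|108023> sending DELETE for IKE_SA con11000[108023]
Nov 10 14:07:02 charon 06[IKE] <con11000|108034> IKE_SA con11000[108034] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
Nov 10 14:07:02 charon 06[IKE] <con11000|108023> detected reauth of existing IKE_SA, adopting 1 children and 0 virtual IPs
Nov 10 14:02:32 charon 10[IKE] <con11000|108023> CHILD_SA con11000{68429} established with SPIs c849c2f7_i 5502fdda_o and TS n.n.n.n/32|m.m.m.m/32 === s.s.s.s/28|/0
Nov 10 14:02:32 charon 10[IKE] <con11000|108023> received 600s lifetime, configured 0s
Nov 10 13:59:32 charon 14[IKE] <con11000|108023> IKE_SA con11000[108023] established between l.l.l.l[i.i.i.i]...p.p.p.p[192.168.1.168]
"""

# timestamp, "charon", thread[subsystem], <connection|ike_sa_id> or <ike_sa_id>, message
LINE = re.compile(
    r"^\s*(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+charon\s+\d+\[(?P<sub>\w+)\]\s+"
    r"<(?:(?P<conn>[^|>]+)\|)?(?P<ike>\d+)>\s+(?P<msg>.*)$"
)
IKE_UP = re.compile(r"IKE_SA \S+\[(\d+)\] established between")
IKE_DEL = re.compile(r"(sending|received) DELETE for IKE_SA \S+\[(\d+)\]")
CHILD_UP = re.compile(r"CHILD_SA \S+\{(\d+)\} established with SPIs")
CHILD_CLOSE = re.compile(
    r"closing CHILD_SA \S+\{(\d+)\} with SPIs \S+ \((\d+) bytes\) \S+ \((\d+) bytes\)"
)
LIFETIME = re.compile(r"received (\d+)s lifetime, configured (\d+)s")


def parse(log_text, year=2016, newest_first=True):
    """Return (timestamp, ike_sa_id, message) tuples in chronological order."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:  # lines that are not charon entries are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ike"], m["msg"]))
    if newest_first:
        events.reverse()  # keep the original order inside one second
    events.sort(key=lambda e: e[0])  # stable sort
    return events


def timeline(log_text, year=2016):
    """Summarise IKE_SA and CHILD_SA lifecycles plus lifetime proposals."""
    ike, child, lifetimes = {}, {}, []
    peer_asked = set()  # IKE_SAs on which the peer just requested an ESP delete
    for ts, ike_id, msg in parse(log_text, year):
        if (m := IKE_UP.search(msg)):
            ike.setdefault(m[1], {})["up"] = ts
        elif (m := IKE_DEL.search(msg)):
            sa = ike.setdefault(m[2], {})
            sa["down"] = ts
            sa["deleted_by"] = "peer" if m[1] == "received" else "local"
        elif "detected reauth of existing IKE_SA" in msg:
            ike.setdefault(ike_id, {})["reauthed"] = True  # old SA was replaced
        elif (m := CHILD_UP.search(msg)):
            child.setdefault(m[1], {})["up"] = ts
        elif "received DELETE for ESP CHILD_SA" in msg:
            peer_asked.add(ike_id)
        elif (m := CHILD_CLOSE.search(msg)):
            child.setdefault(m[1], {}).update(
                down=ts, bytes_in=int(m[2]), bytes_out=int(m[3]),
                closed_by="peer" if ike_id in peer_asked else "local",
            )
            peer_asked.discard(ike_id)
        elif (m := LIFETIME.search(msg)):
            lifetimes.append((ts, int(m[1]), int(m[2])))  # (time, received, configured)
    for sa in list(ike.values()) + list(child.values()):
        if "up" in sa and "down" in sa:
            sa["seconds"] = int((sa["down"] - sa["up"]).total_seconds())
    return ike, child, lifetimes


if __name__ == "__main__":
    ike, child, lifetimes = timeline(SAMPLE)
    for kind, table, who in (("IKE_SA", ike, "deleted_by"), ("CHILD_SA", child, "closed_by")):
        for sa_id, sa in sorted(table.items()):
            print(kind, sa_id, f"{sa.get('seconds')}s", who, sa.get(who),
                  "(replaced by reauth)" if sa.get("reauthed") else "")
    for ts, received, configured in lifetimes:
        print(ts.time(), f"peer proposed {received}s, local config {configured}s")
```
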


  • Netgate

    The ASA looks to be disconnecting it.



  • Thank you Derelict,
    This is OK when the ASA terminates the tunnel, but why only after 30 min and not after 10 min, as I set the tunnel?
    And is it normal that pfSense sends the keep alive?