Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    2.0 RC1 working ipsec site to site config

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    4 Posts 1 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      expert_az
      last edited by

      anyone can send working pf 2.0 RC1 to pf 2.0 RC1 site to site ipsec config ?because mine disconnecting and only after racoon restart able to connect.Before it was working with pf 1.2.3 without any problem.

      my systems:

      2.0-RC1 (i386)
      built on Thu Apr 7 21:53:59 EDT 2011

      1 Reply Last reply Reply Quote 0
      • E
        expert_az
        last edited by

        any answers?

        adding logs and ipsec configs.Before upgrade  2.0 RC1 this configs was running without any problem,this problems occurs after upgrade,please tell me am i doing something wrong?

        Logs

        MainOffice111
        Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->131.131.131.131[500] spi=96233152(0x5bc66c0)
        Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->131.131.131.131[500] spi=124500845(0x76bbb6d)
        Apr 9 16:15:42 racoon: [BranchOffice131]: INFO: initiate new phase 2 negotiation: 111.111.111.111[500]<=>131.131.131.131[500]
        Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: ISAKMP-SA established 111.111.111.111[500]-131.131.131.131[500] spi:a30cb4098833f36b:f9349ee8daaa8e92
        Apr 9 16:15:41 racoon: INFO: received Vendor ID: DPD
        Apr 9 16:15:41 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
        Apr 9 16:15:41 racoon: INFO: begin Aggressive mode.
        Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>131.131.131.131[500]
        Apr 9 16:15:41 racoon: [BranchOffice131]: INFO: IPsec-SA request for 131.131.131.131 queued due to no phase1 found.
        Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->222.222.222.222[500] spi=165271763(0x9d9d8d3)
        Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->222.222.222.222[500] spi=31387927(0x1def117)
        Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: respond new phase 2 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: ISAKMP-SA established 111.111.111.111[500]-222.222.222.222[500] spi:28db9ca101ef99c7:56564054e81bd71e
        Apr 9 16:15:32 racoon: INFO: received Vendor ID: DPD
        Apr 9 16:15:32 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
        Apr 9 16:15:32 racoon: INFO: begin Aggressive mode.
        Apr 9 16:15:32 racoon: [BranchOffice222]: INFO: respond new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->121.121.121.121[500] spi=48228194(0x2dfe762)
        Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: IPsec-SA established: ESP 111.111.111.111[500]->121.121.121.121[500] spi=193485563(0xb885afb)
        Apr 9 16:15:31 racoon: [BranchOffice121]: INFO: initiate new phase 2 negotiation: 111.111.111.111[500]<=>121.121.121.121[500]
        Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[500] used as isakmp port (fd=17)
        Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[500] used for NAT-T
        Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[4500] used as isakmp port (fd=16)
        Apr 9 16:15:24 racoon: [Self]: INFO: 111.111.111.111[4500] used for NAT-T
        Apr 9 16:14:47 racoon: ERROR: failed to begin ipsec sa negotication.
        Apr 9 16:14:47 racoon: ERROR: phase1 negotiation failed due to send error. ac3aa97737ea0d9d:0000000000000000
        Apr 9 16:14:47 racoon: INFO: begin Aggressive mode.
        Apr 9 16:14:47 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:14:47 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
        Apr 9 16:14:23 racoon: ERROR: failed to begin ipsec sa negotication.
        Apr 9 16:14:23 racoon: ERROR: phase1 negotiation failed due to send error. 54ee0fe2f345b74b:0000000000000000
        Apr 9 16:14:23 racoon: INFO: begin Aggressive mode.
        Apr 9 16:14:23 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:14:23 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
        Apr 9 16:13:59 racoon: ERROR: failed to begin ipsec sa negotication.
        Apr 9 16:13:59 racoon: ERROR: phase1 negotiation failed due to send error. be7fe2346fa975fb:0000000000000000
        Apr 9 16:13:59 racoon: INFO: begin Aggressive mode.
        Apr 9 16:13:59 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:13:59 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
        Apr 9 16:13:35 racoon: ERROR: failed to begin ipsec sa negotication.
        Apr 9 16:13:35 racoon: ERROR: phase1 negotiation failed due to send error. 4acb668add723bf0:0000000000000000
        Apr 9 16:13:35 racoon: INFO: begin Aggressive mode.
        Apr 9 16:13:35 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:13:35 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
        Apr 9 16:11:42 racoon: ERROR: failed to begin ipsec sa negotication.
        Apr 9 16:11:42 racoon: ERROR: phase1 negotiation failed due to send error. 23b1def39da3af33:0000000000000000
        Apr 9 16:11:42 racoon: INFO: begin Aggressive mode.
        Apr 9 16:11:42 racoon: [BranchOffice222]: INFO: initiate new phase 1 negotiation: 111.111.111.111[500]<=>222.222.222.222[500]
        Apr 9 16:11:42 racoon: [BranchOffice222]: INFO: IPsec-SA request for 222.222.222.222 queued due to no phase1 found.
        Apr 9 16:11:17 racoon: ERROR: failed to start post getspi.

        BranchOffice121
        Apr 9 16:15:31 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=193485563(0xb885afb)
        Apr 9 16:15:31 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=48228194(0x2dfe762)
        Apr 9 16:15:31 racoon: [MainOffice111]: INFO: respond new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:15:31 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:15:01 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:14:56 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:14:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:14:24 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:13:54 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:13:50 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:13:20 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:13:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:12:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:12:49 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:12:19 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:12:16 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:11:46 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:11:44 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:11:14 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:11:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:10:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:10:34 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:10:04 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:10:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:09:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:09:30 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:09:00 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:08:54 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:08:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:08:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:07:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:07:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:07:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:07:14 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:06:44 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:06:40 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:06:10 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:06:06 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:05:36 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:05:32 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:05:02 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:05:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:04:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:04:27 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:03:57 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:03:50 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:03:20 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:03:19 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:02:49 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:02:48 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:02:18 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:02:16 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:01:46 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:01:38 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:01:08 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:01:07 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:00:37 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:00:37 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:00:07 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 16:00:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:59:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:59:30 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:59:00 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:58:56 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:58:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:58:24 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:57:54 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:57:49 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:57:19 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:57:14 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:56:44 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:56:38 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:56:08 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:56:03 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:55:33 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:55:26 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:54:56 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:54:52 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:54:22 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:54:20 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:53:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:53:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:53:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:53:10 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:52:40 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:52:35 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:52:05 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:51:54 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:51:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:51:18 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:50:48 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:50:46 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:50:16 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:50:15 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:49:45 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:49:35 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:49:05 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:49:04 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:48:34 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:48:34 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:48:04 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:48:01 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:47:31 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:36:00 racoon: [MainOffice111]: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:35:30 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=1558667(0x17c88b)
        Apr 9 15:35:30 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 15:35:30 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=152684926(0x919c97e)
        Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=152684926(0x919c97e)
        Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=1558667(0x17c88b)
        Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=225411871(0xd6f831f)
        Apr 9 14:47:29 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 14:47:29 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=188446918(0xb3b78c6)
        Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=188446918(0xb3b78c6)
        Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=225411871(0xd6f831f)
        Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=126827611(0x78f3c5b)
        Apr 9 13:59:28 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 13:59:28 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=114434545(0x6d221f1)
        Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=114434545(0x6d221f1)
        Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=126827611(0x78f3c5b)
        Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=64378002(0x3d65492)
        Apr 9 13:11:27 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 13:11:27 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=220194169(0xd1fe579)
        Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 121.121.121.121[0]->111.111.111.111[0] spi=220194169(0xd1fe579)
        Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 111.111.111.111[0]->121.121.121.121[0] spi=64378002(0x3d65492)
        Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP/Tunnel 111.111.111.111[0]->121.121.121.121[0] spi=110620595(0x697efb3)
        Apr 9 12:23:26 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 121.121.121.121[0]<=>111.111.111.111[0]
        Apr 9 12:23:26 racoon: [MainOffice111]: INFO: IPsec-SA expired: ESP 121.121.121.121[0]->111.111.111.111[0] spi=77366575(0x49c852f)

        BranchOffice222
        Apr 9 16:15:32 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 222.222.222.222[500]->111.111.111.111[500] spi=31387927(0x1def117)
        Apr 9 16:15:32 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 222.222.222.222[500]->111.111.111.111[500] spi=165271763(0x9d9d8d3)
        Apr 9 16:15:32 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:15:32 racoon: [MainOffice111]: INFO: ISAKMP-SA established 222.222.222.222[500]-111.111.111.111[500] spi:28db9ca101ef99c7:56564054e81bd71e
        Apr 9 16:15:32 racoon: INFO: received Vendor ID: DPD
        Apr 9 16:15:32 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
        Apr 9 16:15:25 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:15:23 racoon: INFO: delete phase 2 handler.
        Apr 9 16:15:23 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:14:51 racoon: INFO: begin Aggressive mode.
        Apr 9 16:14:51 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:14:51 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:14:50 racoon: INFO: delete phase 2 handler.
        Apr 9 16:14:50 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:14:36 racoon: ERROR: phase1 negotiation failed due to time up. 1a40da5577af1a98:0000000000000000
        Apr 9 16:14:18 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:14:17 racoon: INFO: delete phase 2 handler.
        Apr 9 16:14:17 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:13:46 racoon: INFO: begin Aggressive mode.
        Apr 9 16:13:46 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:13:46 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:13:42 racoon: INFO: delete phase 2 handler.
        Apr 9 16:13:42 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:13:25 racoon: ERROR: phase1 negotiation failed due to time up. 4a259d9ee4bbf29b:0000000000000000
        Apr 9 16:13:10 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:13:06 racoon: INFO: delete phase 2 handler.
        Apr 9 16:13:06 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:12:35 racoon: INFO: begin Aggressive mode.
        Apr 9 16:12:35 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:12:35 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:12:17 racoon: INFO: delete phase 2 handler.
        Apr 9 16:12:17 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:11:54 racoon: ERROR: phase1 negotiation failed due to time up. 07e828dbd0030d0c:0000000000000000
        Apr 9 16:11:46 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:11:35 racoon: INFO: delete phase 2 handler.
        Apr 9 16:11:35 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:11:04 racoon: INFO: begin Aggressive mode.
        Apr 9 16:11:04 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:11:04 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:10:53 racoon: INFO: delete phase 2 handler.
        Apr 9 16:10:53 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:10:37 racoon: ERROR: phase1 negotiation failed due to time up. 9437e81477c46ac8:0000000000000000
        Apr 9 16:10:22 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:10:19 racoon: INFO: delete phase 2 handler.
        Apr 9 16:10:19 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:09:47 racoon: INFO: begin Aggressive mode.
        Apr 9 16:09:47 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:09:47 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:09:42 racoon: INFO: delete phase 2 handler.
        Apr 9 16:09:42 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:09:18 racoon: ERROR: phase1 negotiation failed due to time up. 8404f6e665cb5936:0000000000000000
        Apr 9 16:09:11 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:08:59 racoon: INFO: delete phase 2 handler.
        Apr 9 16:08:59 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:08:27 racoon: INFO: begin Aggressive mode.
        Apr 9 16:08:27 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:08:27 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:08:25 racoon: INFO: delete phase 2 handler.
        Apr 9 16:08:25 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:08:10 racoon: ERROR: phase1 negotiation failed due to time up. f22b1d1499e58082:0000000000000000
        Apr 9 16:07:54 racoon: [MainOffice111]: [111.111.111.111] INFO: request for establishing IPsec-SA was queued due to no phase1 found.
        Apr 9 16:07:51 racoon: INFO: delete phase 2 handler.
        Apr 9 16:07:51 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->222.222.222.222[0]
        Apr 9 16:07:20 racoon: INFO: begin Aggressive mode.
        Apr 9 16:07:20 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:07:20 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:06:59 racoon: [MainOffice111]: INFO: ISAKMP-SA deleted 222.222.222.222[500]-111.111.111.111[500] spi:c3424c4a2ecae460:2b8a7aa67c2a2a1b
        Apr 9 16:06:59 racoon: [MainOffice111]: INFO: ISAKMP-SA expired 222.222.222.222[500]-111.111.111.111[500] spi:c3424c4a2ecae460:2b8a7aa67c2a2a1b
        Apr 9 16:06:58 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:06:53 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:06:23 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:06:09 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:05:39 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:05:37 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:05:07 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:04:55 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:04:25 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:04:21 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:03:51 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:03:47 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:03:17 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:03:07 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:02:37 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:02:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:02:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:01:45 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:01:15 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:01:11 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:00:41 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 16:00:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 16:00:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 15:59:54 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:59:24 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 15:59:20 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:58:50 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 15:58:33 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:58:03 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 15:57:58 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.
        Apr 9 15:57:28 racoon: [MainOffice111]: INFO: initiate new phase 2 negotiation: 222.222.222.222[500]<=>111.111.111.111[500]
        Apr 9 15:57:22 racoon: ERROR: 111.111.111.111 give up to get IPsec-SA due to time up to wait.

        BranchOffice131
        Apr 9 16:15:41 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 131.131.131.131[500]->111.111.111.111[500] spi=124500845(0x76bbb6d)
        Apr 9 16:15:41 racoon: [MainOffice111]: INFO: IPsec-SA established: ESP 131.131.131.131[500]->111.111.111.111[500] spi=96233152(0x5bc66c0)
        Apr 9 16:15:41 racoon: [MainOffice111]: INFO: respond new phase 2 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 16:15:40 racoon: [MainOffice111]: INFO: ISAKMP-SA established 131.131.131.131[500]-111.111.111.111[500] spi:a30cb4098833f36b:f9349ee8daaa8e92
        Apr 9 16:15:40 racoon: INFO: received Vendor ID: DPD
        Apr 9 16:15:40 racoon: INFO: received broken Microsoft ID: FRAGMENTATION
        Apr 9 16:15:40 racoon: INFO: begin Aggressive mode.
        Apr 9 16:15:40 racoon: [MainOffice111]: INFO: respond new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 16:12:56 racoon: ERROR: phase1 negotiation failed due to time up. 73f8fcd06dbc6d6f:0000000000000000
        Apr 9 16:12:37 racoon: INFO: delete phase 2 handler.
        Apr 9 16:12:37 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 16:12:06 racoon: INFO: begin Aggressive mode.
        Apr 9 16:12:06 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 16:12:06 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:08:31 racoon: ERROR: phase1 negotiation failed due to time up. 77fb771428668638:0000000000000000
        Apr 9 16:08:12 racoon: INFO: delete phase 2 handler.
        Apr 9 16:08:12 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 16:07:41 racoon: INFO: begin Aggressive mode.
        Apr 9 16:07:41 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 16:07:41 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 16:04:06 racoon: ERROR: phase1 negotiation failed due to time up. 5155ba68f37035f2:0000000000000000
        Apr 9 16:03:47 racoon: INFO: delete phase 2 handler.
        Apr 9 16:03:47 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 16:03:16 racoon: INFO: begin Aggressive mode.
        Apr 9 16:03:16 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 16:03:16 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 15:59:40 racoon: ERROR: phase1 negotiation failed due to time up. 44398177140d3491:0000000000000000
        Apr 9 15:59:21 racoon: INFO: delete phase 2 handler.
        Apr 9 15:59:21 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 15:58:50 racoon: INFO: begin Aggressive mode.
        Apr 9 15:58:50 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 15:58:50 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 15:55:15 racoon: ERROR: phase1 negotiation failed due to time up. 0b5335d91a943d8f:0000000000000000
        Apr 9 15:54:56 racoon: INFO: delete phase 2 handler.
        Apr 9 15:54:56 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 15:54:25 racoon: INFO: begin Aggressive mode.
        Apr 9 15:54:25 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 15:54:25 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 15:50:50 racoon: ERROR: phase1 negotiation failed due to time up. d0e9d9775d4e5fa7:0000000000000000
        Apr 9 15:50:31 racoon: INFO: delete phase 2 handler.
        Apr 9 15:50:31 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 15:50:00 racoon: INFO: begin Aggressive mode.
        Apr 9 15:50:00 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 15:50:00 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.
        Apr 9 15:46:25 racoon: ERROR: phase1 negotiation failed due to time up. e247653ced4bcee6:0000000000000000
        Apr 9 15:46:06 racoon: INFO: delete phase 2 handler.
        Apr 9 15:46:06 racoon: [MainOffice111]: [111.111.111.111] ERROR: phase2 negotiation failed due to time up waiting for phase1 [Remote Side not responding]. ESP 111.111.111.111[0]->131.131.131.131[0]
        Apr 9 15:45:35 racoon: INFO: begin Aggressive mode.
        Apr 9 15:45:35 racoon: [MainOffice111]: INFO: initiate new phase 1 negotiation: 131.131.131.131[500]<=>111.111.111.111[500]
        Apr 9 15:45:35 racoon: [MainOffice111]: INFO: IPsec-SA request for 111.111.111.111 queued due to no phase1 found.

        Configs:

        BranchOffice121(PF 1.2.3)

        This file is automatically generated. Do not edit

        listen {
        adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
        }
        path pre_shared_key "/var/etc/psk.txt";

        path certificate  "/var/etc";

        remote 111.111.111.111 {
        exchange_mode aggressive;
        my_identifier address "121.121.121.121";

        peers_identifier address 111.111.111.111;
        initial_contact on;

        ike_frag on;
        support_proxy on;
        proposal_check obey;

        proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 28800 secs;
        }
        lifetime time 28800 secs;
        }

        sainfo address 192.168.60.0/24 any address 192.168.0.0/16 any {
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,hmac_md5;
        compression_algorithm deflate;
        pfs_group 2;
        lifetime time 3600 secs;
        }

        BranchOffice222(2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)

        This file is automatically generated. Do not edit

        path pre_shared_key "/var/etc/psk.txt";

        path certificate  "/var/etc";

        listen
        {
        adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
        isakmp 222.222.222.222 [500];
        isakmp_natt 222.222.222.222 [4500];
        }

        remote 111.111.111.111
        {
        ph1id 1;
        exchange_mode main;
        my_identifier address 222.222.222.222;
        peers_identifier address 111.111.111.111;
        ike_frag on;
        generate_policy = off;
        initial_contact = on;
        nat_traversal = off;

        dpd_delay = 60;
        dpd_maxfail = 5;
        support_proxy on;
        proposal_check obey;

        proposal
        {
        authentication_method pre_shared_key;
        encryption_algorithm blowfish 256;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
        }
        }

        sainfo subnet 192.168.55.0/24 any subnet 192.168.0.0/16 any
        {
        remoteid 1;
        encryption_algorithm blowfish 256;
        authentication_algorithm hmac_sha1;
        pfs_group 2;
        lifetime time 3600 secs;
        compression_algorithm deflate;
        }

        BranchOffice131(2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)

        This file is automatically generated. Do not edit

        path pre_shared_key "/var/etc/psk.txt";

        path certificate  "/var/etc";

        listen
        {
        adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
        isakmp 131.131.131.131 [500];
        isakmp_natt 131.131.131.131 [4500];
        }

        remote 111.111.111.111
        {
        ph1id 1;
        exchange_mode aggressive;
        my_identifier user_fqdn "email131@email.com";
        peers_identifier user_fqdn "email111@email.com";
        ike_frag on;
        generate_policy = off;
        initial_contact = on;
        nat_traversal = off;

        dpd_delay = 60;
        dpd_maxfail = 5;
        support_proxy on;
        proposal_check obey;

        proposal
        {
        authentication_method pre_shared_key;
        encryption_algorithm blowfish 256;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
        }
        }

        sainfo subnet 192.168.10.0/24 any subnet 192.168.0.0/16 any
        {
        remoteid 1;
        encryption_algorithm blowfish 256;
        authentication_algorithm hmac_md5;
        pfs_group 2;
        lifetime time 3600 secs;
        compression_algorithm deflate;
        }

        MainOffice111 (2.0-RC1 (i386) built on Fri Apr 8 18:33:38 EDT 2011)

        This file is automatically generated. Do not edit

        path pre_shared_key "/var/etc/psk.txt";

        path certificate  "/var/etc";

        listen
        {
        adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
        isakmp 111.111.111.111 [500];
        isakmp_natt 111.111.111.111 [4500];
        }

        remote 131.131.131.131
        {
        ph1id 1;
        exchange_mode aggressive;
        my_identifier user_fqdn "email111@email.com";
        peers_identifier user_fqdn "email131@email.com";
        ike_frag on;
        generate_policy = off;
        initial_contact = on;
        nat_traversal = off;

        dpd_delay = 60;
        dpd_maxfail = 5;
        support_proxy on;
        proposal_check obey;

        proposal
        {
        authentication_method pre_shared_key;
        encryption_algorithm blowfish 256;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
        }
        }

        remote 121.121.121.121
        {
        ph1id 2;
        exchange_mode aggressive;
        my_identifier address 111.111.111.111;
        peers_identifier address 121.121.121.121;
        ike_frag on;
        generate_policy = off;
        initial_contact = on;
        nat_traversal = off;

        support_proxy on;
        proposal_check obey;

        proposal
        {
        authentication_method pre_shared_key;
        encryption_algorithm 3des;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
        }
        }

        remote 222.222.222.222
        {
        ph1id 4;
        exchange_mode main;
        my_identifier address 111.111.111.111;
        peers_identifier address 222.222.222.222;
        ike_frag on;
        generate_policy = off;
        initial_contact = on;
        nat_traversal = off;

        dpd_delay = 60;
        dpd_maxfail = 5;
        support_proxy on;
        proposal_check obey;

        proposal
        {
        authentication_method pre_shared_key;
        encryption_algorithm blowfish 256;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
        }
        }

        sainfo subnet 192.168.0.0/16 any subnet 192.168.10.0/24 any
        {
        remoteid 1;
        encryption_algorithm blowfish 256;
        authentication_algorithm hmac_md5;
        pfs_group 2;
        lifetime time 3600 secs;
        compression_algorithm deflate;
        }

        sainfo subnet 192.168.0.0/16 any subnet 192.168.60.0/24 any
        {
        remoteid 2;
        encryption_algorithm 3des;
        authentication_algorithm hmac_sha1,hmac_md5;
        pfs_group 2;
        lifetime time 3600 secs;
        compression_algorithm deflate;
        }

        sainfo subnet 192.168.0.0/16 any subnet 192.168.55.0/24 any
        {
        remoteid 4;
        encryption_algorithm blowfish 256;
        authentication_algorithm hmac_sha1;
        pfs_group 2;
        lifetime time 3600 secs;
        compression_algorithm deflate;
        }

        1 Reply Last reply Reply Quote 0
        • E
          expert_az
          last edited by

          any help?

          1 Reply Last reply Reply Quote 0
          • E
            expert_az
            last edited by

            at last i found my periodically ipsec disconnect problem after researching in redmine,i'm using pptp from home to connect corporate PF 2.0 RC1 firewall.
            Same issue as Chris Buechler described in  bug 1421 (http://redmine.pfsense.org/issues/1421),today i noticed that after my pptp disconnect all ipsec tunnels disconnecting.I can supply any log and configs for deeper research.

            regards.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.