A single IPSec tunnel goes down

MilesDeep

Background:  One site keeps falling off the network (IPsec VPN tunnel), people at the branch said the old Watchguard firewall was "hot."  Replaced the firewall, seemed better but still the tunnel fails from time to time.

There are quite a few entries in the SAD for this particular tunnel.  After a firewall reboot (at remote site) the tunnel is back up.

Some log entries (latest first):

racoon: [Roseville2Longview]: [206.x.x.x] ERROR: notification 32768 received in informational exchange.
racoon: ERROR: pfkey DELETE received: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1012270089(0x3c560208)
racoon: ERROR: pfkey DELETE received: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1317536775(0x4e880407)
racoon: [Corp-to-remote1]: INFO: IPsec-SA established: ESP 168.x.x.x[500]->206.x.x.x[500] spi=1012270988(0x3c560448)

We changed the ISP recently.  But, when the circuit is down, I can get to the external on the ISP modem/router but not the external on the firewall or, obviously, the internal int.  The connection is lost between the ISP equipment and our firewall.  Could this be a circuit issue or maybe a piece of equipment between the devices?

Thanks for any help provided.

MilesDeep

Just an update:  Today I have the following log entries and SEVERAL entries in the SAD table.

Jan 28 08:24:04 racoon: INFO: unsupported PF_KEY message REGISTER
Jan 28 08:23:29 racoon: [Roseville2Longview]: [206.x.x.x] ERROR: notification 32768 received in informational exchange.

Any thoughts are welcome.  Just a thought; if, on the remote firewall, the key expiration is set to 24 hours AND zero kilobytes, will the key constantly be regenerated?  I have always thought not, but…