Community discussions

MikroTik App
 
koinak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 04, 2013 8:27 am

About ipsec site to site vpn,need help

Mon Nov 04, 2013 8:43 am

Hi,all.i use MikroTik RouterOS(v2.9.26) router made a sitetosite vpn to CISCO Router.Testing the IPsec tunnel is work.But when run after 24hr,the vpn will auto break off and need reboot the MikroTik router the vpn can re-connection.How to fix this issue?Thx. :)
 
TheOtherNeo
just joined
Posts: 5
Joined: Fri Jul 05, 2013 1:10 pm

Re: About ipsec site to site vpn,need help

Mon Nov 04, 2013 10:18 am

I'm having the same issue at the moment between a V5.3 and V6.3 firmware RouterBoard. The link is established, it sends data to the remote unit, but it isn't receiving anything back. I have also rebooted both units but still it persists.

As a note, the V6 unit is on an ISP assigned dynamic PPPoE address and the V5 unit on a static IP.
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: About ipsec site to site vpn,need help

Mon Nov 04, 2013 2:20 pm

Why are you using such an old version? (v2.9.26)
 
koinak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 04, 2013 8:27 am

Re: About ipsec site to site vpn,need help

Mon Nov 04, 2013 5:52 pm

I'm having the same issue at the moment between a V5.3 and V6.3 firmware RouterBoard. The link is established, it sends data to the remote unit, but it isn't receiving anything back. I have also rebooted both units but still it persists.

As a note, the V6 unit is on an ISP assigned dynamic PPPoE address and the V5 unit on a static IP.


Is very strange,these is the router log when the IPsec tunnel is working after 12hours,some one can fix this issue?Thx a lot~
19:05:20 ipsec,ike,info received ISAKMP packet from 209.xxx.xxx.xxx:500, phase
2, Quick
19:05:20 ipsec,ike,info received ISAKMP packet from 209.xxx.xxx.xxx:500, phase
2, Quick
19:05:20 ipsec,ike,info received ISAKMP packet from 209.xxx.xxx.xxx:500, phase
2, Quick
19:06:04 ipsec,ike,info phase 1 expired (remote unknown)
19:06:04 ipsec,ike,info phase 1 expired (local 202.xxx.xxx.xxx:500) (remote
209.xxx.xxx.xxx:500)
19:06:05 ipsec,ike,info phase 1 deleted (local 202.xxx.xxx.xxx:500) (remote
209.xxx.xxx.xxx:500)
19:06:07 ipsec,ike,info received ISAKMP packet from 209.xxx.xxx.xxx:500, phase
2, Informational
19:06:07 ipsec,ike,info unexpected Informational exchange (remote unknown)
.
.
.
 
koinak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 04, 2013 8:27 am

Re: About ipsec site to site vpn,need help

Mon Nov 04, 2013 5:57 pm

Why are you using such an old version? (v2.9.26)

Because the 2.9 is very stable and working fine,so i don't upgrade to new version.You means upgrade to new version can fix this issue? :shock:
 
koinak
just joined
Topic Author
Posts: 4
Joined: Mon Nov 04, 2013 8:27 am

Re: About ipsec site to site vpn,need help

Tue Nov 05, 2013 4:37 am

Yeah,is very strange,the iIPsec tunnel show is established ,buy the log show a error:

ip ipsec policy> print stats
Flags: X - disabled, D - dynamic, I - invalid
0 src-address=192.168.184.0/24:any dst-address=192.168.220.0/24:any
protocol=all ph2-state=established in-accepted=0 in-dropped=0
out-accepted=0 out-dropped=1 encrypted=6 not-encrypted=0 decrypted=6
not-decrypted=0

1 src-address=192.168.184.0/24:any dst-address=192.168.112.0/24:any
protocol=all ph2-state=established in-accepted=0 in-dropped=0
out-accepted=0 out-dropped=0 encrypted=4 not-encrypted=0 decrypted=4
not-decrypted=0

2 src-address=192.168.184.0/24:any dst-address=192.168.104.0/24:any
protocol=all ph2-state=established in-accepted=0 in-dropped=0
out-accepted=0 out-dropped=0 encrypted=6 not-encrypted=0 decrypted=4
not-decrypted=0

router log:
10:33:20 ipsec,ike,info received ISAKMP packet from 209.xxx.xxx.xxx:500, phase
2, Quick
10:33:20 ipsec,ike,info responding phase 2 (src 202.xxx.xxx.xxx) (dst
209.XXX.XXX.XXX)
10:33:20 ipsec,ike,info no policy found (remote unknown)
10:33:20 ipsec,ike,info no proposal found (remote unknown)
10:33:20 ipsec,ike,info failed to pre-process packet (remote unknow

Who is online

Users browsing this forum: No registered users and 17 guests