WRV200: IPSec Key Lifetime Stuck on 3600 (VPN)

Hi.  I have a WRV200 router (version 1).  I can successfully setup VPN tunnels to other VPN routers.  However, I have a minor issue.  Although the IPSec Key Lifetime is listed as being any number between 1200 and 86400, it will only let me select 3600.
I have verified this with the following firmware versions:
    1.0.29 (2/14/07)
    1.0.32.2 (5/2/07)
Using the web interface, it will let me change the number, but when I click "Save Settings", it goes back to 3600.
Has anyone else been able to set this field to any other value?
Is there a CLI interface that I can access to tweak the VPN settings?
Thanks,
Van

Get the beta firmware 1.0.38 from Linksys Tech Support. Firmware 1.0.38 is in my opinio the best firmware so far for WRV200.
Message Edited by VPN_user on 04-07-2008 12:27 AM

Similar Messages

  • 881 VPN fails after 24hrs/IKE key lifetime

    Hi all,
    This is my first post on the support forms and I only just got my CCNA, so please bear with me and don't shoot me if I pose a slightly newbish perspective on things. Thanks in advance.       
    We've got a central office (actually quite small) where several IPSec connections connect to. Two of these connections are Cisco 881 routers. One of them works fine, the other craps out after 24 hours (coincidentally also the IKE key lifetime). When I mean "craps out", it means the VPN worked fine from the get go, until 24 hours later. Only a reload will bring back the VPN tunnel. I've verified my PFS and DPD configurations are solid, because these kind of symptoms would most likely occur when these configurations aren't in order.
    The two 881 configurations are quite similar. The only differences between the two are some details in the PPPoE configurations and (quite obviously) the IP address space for the two sites. Both operate on the premise of a point to point connection (no multipoint stuff going on here).
    I have examined all I can. It took me two weeks to make sure I exhausted all my options before I post my issue here.
    Here is a brief list of things I've done.
    - Checked configuration of central router (which is a Mikrotik RB800 btw)
    - Verified that the central router is not the cause of the VPN not coming back. Rebooted it as a last resort; VPN stays down. Rebooted 881, VPN comes back.
    - I've downgraded the 881 firmware image from version 152.4.M2 to 151.4.M4 (the succesful 881 was running the 151.4.M4 image, and I found some Ipsec issues in the caveat for version 152.4.M2), but to no avail.
    - I've tried to clear several crypto components hoping to restore key exchanging, also to no avail. Only a reload will suffice.
    I've included the 881's config:
    Building configuration...Current configuration : 7795 bytes
    ! Last configuration change at 15:37:50 Paris Tue May 28 2013 by admin
    version 15.1
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname <<removed>>
    boot-start-marker
    boot system flash c880data-universalk9-mz.151-4.M4.bin
    boot-end-marker
    logging buffered 102400
    enable secret 4 <<removed>>
    no aaa new-model
    memory-size iomem 10
    clock timezone Paris 1 0
    clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki token default removal timeout 0
    !no ip source-route
    ip dhcp excluded-address 192.168.4.1 192.168.4.9
    ip dhcp excluded-address 192.168.4.199 192.168.4.254
    ip dhcp pool Main
    network 192.168.4.0 255.255.255.0
    dns-server 192.168.4.250 8.8.4.4
    default-router 192.168.4.250
    lease infinite
    ip cef
    ip domain lookup source-interface Dialer1
    ip domain name <<removed>>
    ip name-server 8.8.4.4
    ip name-server 192.168.58.199
    no ipv6 cef
    password encryption aes!
    object-group network SUBNET_DUITSLAND
    description Hele subnet IC Duitsland
    192.168.4.0 255.255.255.0
    object-group network SUBNET_IC_ARNHEM
    description Hele subnet IC Arnhem
    192.168.58.0 255.255.255.0
    object-group network WAN_IC_ARNHEM
    description Het WAN IP adres van IC Arnhem
    host <<removed>>
    vtp mode transparent
    username <<removed>> privilege 15 view root secret 4 <<removed>>
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
    match access-group 102
    class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
    match access-group 105
    class-map type inspect match-all ccp-cls--1
    match access-group name Outgoing
    class-map type inspect match-all ccp-cls--2
    match access-group name Incoming
    policy-map type inspect ccp-policy-ccp-cls--1
    class type inspect ccp-cls--1
      pass
    class class-default
      drop
    policy-map type inspect ccp-policy-ccp-cls--2
    class type inspect ccp-cls--2
      pass
    class type inspect sdm-cls-VPNOutsideToInside-1
      inspect
    class type inspect sdm-cls-VPNOutsideToInside-2
      inspect
    class class-default
      drop
    zone security Inside
    zone security Outside
    zone-pair security sdm-zp-Inside-Outside source Inside destination Outside
    service-policy type inspect ccp-policy-ccp-cls--1
    zone-pair security sdm-zp-Outside-Inside source Outside destination Inside
    service-policy type inspect ccp-policy-ccp-cls--2
    crypto logging ezvpn
    crypto isakmp policy 1
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key <<removed>> address <<removed>>
    crypto isakmp invalid-spi-recovery
    crypto isakmp keepalive 10 periodic
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set ESP-AES256-SHA esp-aes esp-sha-hmac
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to CO
    set peer <<removed>>
    set transform-set ESP-AES256-SHA
    set pfs group5
    match address 104
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    description DeutscheTelekom$ETH-WAN$
    no ip address
    duplex auto
    speed auto
    pppoe-client dial-pool-number 1
    interface Vlan1
    description $FW_INSIDE$
    ip address 192.168.4.250 255.255.255.0
    ip mask-reply
    ip nat inside
    ip virtual-reassembly in
    zone-member security Inside
    ip tcp adjust-mss 1412
    interface Dialer1
    description $FW_OUTSIDE$
    mtu 1492
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    zone-member security Outside
    encapsulation ppp
    no ip route-cache
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp chap hostname <<removed>>
    ppp chap password 7 <<removed>>
    ppp pap sent-username <<removed>> password 7 <<removed>>
    ppp ipcp dns request
    ppp ipcp address accept
    crypto map SDM_CMAP_1
    ip forward-protocol nd
    no ip http server
    ip http access-class 2
    ip http authentication local
    ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
    ip access-list extended Incoming
    remark CCP_ACL Category=128
    permit ip any object-group SUBNET_DUITSLAND
    ip access-list extended Outgoing
    remark CCP_ACL Category=128
    permit ip object-group SUBNET_DUITSLAND any
    ip access-list extended SDM_HTTPS
    remark CCP_ACL Category=1
    permit tcp any any eq 443
    ip access-list extended SDM_SHELL
    remark CCP_ACL Category=1
    permit tcp any any eq cmd
    ip access-list extended SDM_SSH
    remark CCP_ACL Category=1
    permit tcp any any eq 22
    no logging trap
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.4.0 0.0.0.255
    access-list 2 permit <<removed>>
    access-list 2 remark Auto generated by SDM Management Access feature
    access-list 2 remark CCP_ACL Category=1
    access-list 2 permit 192.168.4.0 0.0.0.255
    access-list 2 permit 192.168.58.0 0.0.0.255
    access-list 101 remark Auto generated by SDM Management Access feature
    access-list 101 remark CCP_ACL Category=1
    access-list 101 permit ip 192.168.4.0 0.0.0.255 any
    access-list 101 permit ip host <<removed>> any
    access-list 101 permit ip 192.168.58.0 0.0.0.255 any
    access-list 102 remark CCP_ACL Category=0
    access-list 102 permit ip 192.168.58.0 0.0.0.255 192.168.4.0 0.0.0.255
    access-list 103 remark CCP_ACL Category=2
    access-list 103 remark IPSec Rule
    access-list 103 deny   ip 192.168.4.0 0.0.0.255 192.168.58.0 0.0.0.255
    access-list 103 permit ip 192.168.4.0 0.0.0.255 any
    access-list 104 remark CCP_ACL Category=4
    access-list 104 remark IPSec Rule
    access-list 104 permit ip 192.168.4.0 0.0.0.255 192.168.58.0 0.0.0.255
    access-list 105 remark CCP_ACL Category=0
    access-list 105 permit ip 192.168.58.0 0.0.0.255 192.168.4.0 0.0.0.255
    dialer-list 1 protocol ip permit
    route-map SDM_RMAP_1 permit 1
    match ip address 103
    line con 0
    line aux 0
    line vty 0 4
    access-class 101 in
    privilege level 15
    password 7 <<removed>>
    login local
    transport input ssh
    ntp update-calendar
    ntp server de.pool.ntp.org prefer
    end
    Also, I have some ISAKMP debug output (when the VPN fails, I can still reach the router via the internet):
    .May 29 08:31:22.848: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:28.848: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:30.016: ISAKMP: set new node 0 to QM_IDLE
    .May 29 08:31:30.016: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local <<remote office WAN IP>>, remote <<central office WAN IP>>)
    .May 29 08:31:30.016: ISAKMP: Error while processing SA request: Failed to initialize SA
    .May 29 08:31:30.016: ISAKMP: Error while processing KMI message 0, error 2.
    .May 29 08:31:30.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:31:30.016: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
    .May 29 08:31:30.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:31:30.016: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:31:30.016: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:31:34.848: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:40.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:31:40.016: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
    .May 29 08:31:40.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:31:40.016: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:31:40.016: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:31:40.844: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:46.380: ISAKMP:(0):purging node 297623767
    .May 29 08:31:46.380: ISAKMP:(0):purging node -1266458641
    .May 29 08:31:46.452: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:49.848: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=<<remote office WAN IP>>, prot=50, spi=0xCF8BD5F3(3482047987), srcaddr=<<central office WAN IP>>, input interface=Dialer1
    .May 29 08:31:50.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:31:50.016: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
    .May 29 08:31:50.016: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:31:50.016: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:31:50.016: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:31:52.845: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:31:56.381: ISAKMP:(0):purging SA., sa=874CF15C, delme=874CF15C
    .May 29 08:31:58.849: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:00.017: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:00.017: ISAKMP:(0):peer does not do paranoid keepalives..May 29 08:32:00.017: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer <<central office WAN IP>>)
    .May 29 08:32:00.017: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer <<central office WAN IP>>)
    .May 29 08:32:00.017: ISAKMP: Unlocking peer struct 0x874792E0 for isadb_mark_sa_deleted(), count 0
    .May 29 08:32:00.017: ISAKMP: Deleting peer node by peer_reap for <<central office WAN IP>>: 874792E0
    .May 29 08:32:00.017: ISAKMP:(0):deleting node -118750948 error FALSE reason "IKE deleted"
    .May 29 08:32:00.017: ISAKMP:(0):deleting node -1193365643 error FALSE reason "IKE deleted"
    .May 29 08:32:00.017: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    .May 29 08:32:00.017: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA.May 29 08:32:02.037: ISAKMP:(0): SA request profile is (NULL)
    .May 29 08:32:02.037: ISAKMP: Created a peer struct for <<central office WAN IP>>, peer port 500
    .May 29 08:32:02.037: ISAKMP: New peer created peer = 0x875BF6B8 peer_handle = 0x8000000A
    .May 29 08:32:02.037: ISAKMP: Locking peer struct 0x875BF6B8, refcount 1 for isakmp_initiator
    .May 29 08:32:02.037: ISAKMP: local port 500, remote port 500
    .May 29 08:32:02.037: ISAKMP: set new node 0 to QM_IDLE
    .May 29 08:32:02.037: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 85C6B420
    .May 29 08:32:02.037: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
    .May 29 08:32:02.037: ISAKMP:(0):found peer pre-shared key matching <<central office WAN IP>>
    .May 29 08:32:02.037: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
    .May 29 08:32:02.041: ISAKMP:(0): constructed NAT-T vendor-07 ID
    .May 29 08:32:02.041: ISAKMP:(0): constructed NAT-T vendor-03 ID
    .May 29 08:32:02.041: ISAKMP:(0): constructed NAT-T vendor-02 ID
    .May 29 08:32:02.041: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
    .May 29 08:32:02.041: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1.May 29 08:32:02.041: ISAKMP:(0): beginning Main Mode exchange
    .May 29 08:32:02.041: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:02.041: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:04.849: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:10.845: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:12.041: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:12.041: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    .May 29 08:32:12.041: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:32:12.041: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:12.041: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:16.845: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:22.041: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:22.041: ISAKMP (0): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
    .May 29 08:32:22.041: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:32:22.041: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:22.041: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:22.449: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:28.846: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:32.038: ISAKMP: set new node 0 to QM_IDLE
    .May 29 08:32:32.038: ISAKMP:(0):SA is still budding. Attached new ipsec request to it. (local <<remote office WAN IP>>, remote <<central office WAN IP>>)
    .May 29 08:32:32.038: ISAKMP: Error while processing SA request: Failed to initialize SA
    .May 29 08:32:32.038: ISAKMP: Error while processing KMI message 0, error 2.
    .May 29 08:32:32.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:32.042: ISAKMP (0): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
    .May 29 08:32:32.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:32:32.042: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:32.042: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:34.846: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:40.846: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:42.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:42.042: ISAKMP (0): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
    .May 29 08:32:42.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:32:42.042: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:42.042: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:46.846: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:50.018: ISAKMP:(0):purging node -118750948
    .May 29 08:32:50.018: ISAKMP:(0):purging node -1193365643
    .May 29 08:32:51.346: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=<<remote office WAN IP>>, prot=50, spi=0xCF8BD5F3(3482047987), srcaddr=<<central office WAN IP>>, input interface=Dialer1
    .May 29 08:32:52.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:32:52.042: ISAKMP (0): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
    .May 29 08:32:52.042: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:32:52.042: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:32:52.042: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:32:52.846: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:32:58.847: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>
    .May 29 08:33:00.019: ISAKMP:(0):purging SA., sa=875BE8B8, delme=875BE8B8
    .May 29 08:33:02.043: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:33:02.043: ISAKMP:(0):peer does not do paranoid keepalives..May 29 08:33:02.043: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer <<central office WAN IP>>)
    .May 29 08:33:02.043: ISAKMP:(0):deleting SA reason "Death by retransmission P1" state (I) MM_NO_STATE (peer <<central office WAN IP>>)
    .May 29 08:33:02.043: ISAKMP: Unlocking peer struct 0x875BF6B8 for isadb_mark_sa_deleted(), count 0
    .May 29 08:33:02.043: ISAKMP: Deleting peer node by peer_reap for <<central office WAN IP>>: 875BF6B8
    .May 29 08:33:02.043: ISAKMP:(0):deleting node 1839947115 error FALSE reason "IKE deleted"
    .May 29 08:33:02.043: ISAKMP:(0):deleting node -1221586275 error FALSE reason "IKE deleted"
    .May 29 08:33:02.043: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    .May 29 08:33:02.043: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_DEST_SA.May 29 08:33:02.455: ISAKMP:(0): SA request profile is (NULL)
    .May 29 08:33:02.455: ISAKMP: Created a peer struct for <<central office WAN IP>>, peer port 500
    .May 29 08:33:02.455: ISAKMP: New peer created peer = 0x874792E0 peer_handle = 0x8000000B
    .May 29 08:33:02.455: ISAKMP: Locking peer struct 0x874792E0, refcount 1 for isakmp_initiator
    .May 29 08:33:02.455: ISAKMP: local port 500, remote port 500
    .May 29 08:33:02.455: ISAKMP: set new node 0 to QM_IDLE
    .May 29 08:33:02.455: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 87060E68
    .May 29 08:33:02.455: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
    .May 29 08:33:02.455: ISAKMP:(0):found peer pre-shared key matching <<central office WAN IP>>
    .May 29 08:33:02.455: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
    .May 29 08:33:02.455: ISAKMP:(0): constructed NAT-T vendor-07 ID
    .May 29 08:33:02.455: ISAKMP:(0): constructed NAT-T vendor-03 ID
    .May 29 08:33:02.455: ISAKMP:(0): constructed NAT-T vendor-02 ID
    .May 29 08:33:02.455: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
    .May 29 08:33:02.455: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1.May 29 08:33:02.455: ISAKMP:(0): beginning Main Mode exchange
    .May 29 08:33:02.455: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:33:02.455: ISAKMP:(0):Sending an IKE IPv4 Packet.
    .May 29 08:33:04.847: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>ndebug crypto isakmp
    .May 29 08:33:10.847: ISAKMP:(0): ignoring request to send delete notify (sa not authenticated) src <<remote office WAN IP>> dst <<central office WAN IP>>o debug crypto isakmp
    Crypto ISAKMP debugging is off
    IC-Deutschland#
    .May 29 08:33:12.455: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE...
    .May 29 08:33:12.455: ISAKMP (0): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    .May 29 08:33:12.455: ISAKMP:(0): retransmitting phase 1 MM_NO_STATE
    .May 29 08:33:12.455: ISAKMP:(0): sending packet to <<central office WAN IP>> my_port 500 peer_port 500 (I) MM_NO_STATE
    .May 29 08:33:12.455: ISAKMP:(0):Sending an IKE IPv4 Packet.
    Can anyone shed some light as what could be going on?
    Much obliged!

    Unfortunately I do not have a support contract for our hardware. I wouldn't even know how to get one.
    However, we do pay top dollar for the equipment and it seems one it's components doesn't work as advertised. So if no support is given I will have to try warrenty instead. This does mean I have to replace the unit with a competitor brand which isn't something I'm keen to do because I want to use Cisco as our main brand. This issue effectively nukes my entire plan.
    Given our work load, CPU power isn't an issue. The encryption level is set to this level because I'm paranoid. Which I reckon is a good thing when it comes to network security (correct me if I'm wrong). Do you suspect these settings could be of any influence in this particular case?
    If I remember correctly I used the "debug crypto isakmp" or "debug crypto isakmp errors" and "debug crypto ipsec" (also perhaps with the "error" suffix), I'm not sure.

  • IPSEC SA Lifetime

    If one end of an IPSEC vpn has a lifetime set to 28800 secs and the other end 3600 secs, what effect will this have on the connection? And why?
    The Vpn establishes and runs okay but periodically drops out. I presume this SA Lifetime mis-match is the cause, but was just curious as to why? As my understanding was that even though the lifetimes are different they agree on the lower value anyway?
    Any thoughts?

    Your understanding of the IPSEC SA Lifetime is correct. If you have 3600 and 28800 has the IPSEC Lifetime between two peers, the smaller value will be considered for the SA and in your case 3600. And a new SA is negotiated 30 seconds before the lifetime (3600) expires. This should keep your traffic flowing across the tunnel without any issues.
    I hope it helps.
    Regards,
    Arul

  • MIB object for remaining key lifetime

    Is there a MIB object for 'remaining key lifetime'?  [433 seconds in the example below]
    router# sh crypto ipsec sa interface VlanXXX
       current_peer a.b.c.d port 500
            sa timing: remaining key lifetime (k/sec): (4541405/433)
         inbound esp sas:
            sa timing: remaining key lifetime (k/sec): (4541405/433)
    --sk
    Stuart Kendrick
    FHCRC

    Unfortunately I do not have a support contract for our hardware. I wouldn't even know how to get one.
    However, we do pay top dollar for the equipment and it seems one it's components doesn't work as advertised. So if no support is given I will have to try warrenty instead. This does mean I have to replace the unit with a competitor brand which isn't something I'm keen to do because I want to use Cisco as our main brand. This issue effectively nukes my entire plan.
    Given our work load, CPU power isn't an issue. The encryption level is set to this level because I'm paranoid. Which I reckon is a good thing when it comes to network security (correct me if I'm wrong). Do you suspect these settings could be of any influence in this particular case?
    If I remember correctly I used the "debug crypto isakmp" or "debug crypto isakmp errors" and "debug crypto ipsec" (also perhaps with the "error" suffix), I'm not sure.

  • My Ipad is delete key is stuck

    my ipad seems like the delete key is stuck.  When every try to type any text, it just deletes it.  The cursor keeps on blinking.
    If I reposition the cursor further down in an existing document, then it starts deleting the document from there backwards.  What's the problem?

    Restart your iPad. Press and hold the sleep/wake button until you see the red slider then swipe to power off. Then press and hold the sleep / wake button until you see the Apple logo.

  • I can no longer back-delete or hit return to make a new paragraph, nor can i use the arrows to go backwards and forwards in a line; it's like the fn key is stuck; i've taken it off and cleaned it, and it looked clean.

    I can no longer back-delete or hit return to make a new paragraph, nor can i use the arrows to go backwards and forwards in a line; it's like the fn key is stuck; i've taken it off and cleaned it, and it looked clean.

    Then it's time for a new keyboard.  If you are still under warranty, call AppleCare. 
    For DIY keyboard repair check out the following websites: 
    iFixit 
    YouTube “How To” tutorials.

  • How to boot up in Normal Mode when Shift Key is stuck

    Due to a water spill my Shift Key is stuck.  I was able to enter my password that included lower case letters by using an external (bluetooth) keyboard.  This allowed me to start the computer and access the contents but only in Safe Mode because the shift key was stuck.  Does anyone know a workaround this until I'm able to have the shift key fixed?
    Thank you,
    Jeff

    Liquid damage is very hard to recover from.
    Best option is to take the computer to Apple store and see what can they do for you.
    Suggestions in this article may or may not work, but at least interesting.
    http://www.ifixit.com/Answers/View/4485/My+shift+key+is+always+on.
    Best.

  • Keys getting stuck (not physically)

    Hi,
    Today I realized that my ctrl key gets stuck. If I try and press ctrl + 1 nothing happens, but if I after that press just 1 it behaves as i pressed ctrl + 1 and it won't stop behaving like that until I press just ctrl to "deactivate" it.
    The only way to solve it temporarily is to restart the computer
    This started after the following changes to the computer was done:
    Used the software updater (not used since buying the computer in may/june or so)
    Installed USB Overdrive
    Installed WoW
    Any ideas on how this could be solved?

    Try resetting the SMC and if that doesn't handle it try resetting the PRAM. Here are instructions if you aren't familiar with these:
    _SMC RESET_
    • Shut down the computer.
    • Plug in the MagSafe power adapter to a power source, connecting it to the Mac if its not already connected. Disconnect all peripherals.
    • On the built-in keyboard, press the (left side) Shift-Control-Option keys and the power button at the same time.
    • Release all the keys and the power button at the same time.
    • Press the power button to turn on the computer.
    _PRAM RESET_
    • Shut down the computer.
    • Locate the following keys on the keyboard: Command, Option, P, and R. You will need to hold these keys down simultaneously in step 4.
    • Turn on the computer.
    • Press and hold the Command-Option-P-R keys. You must press this key combination before the gray screen appears.
    • Hold the keys down until the computer restarts and you hear the startup sound for the second time.
    • Release the keys.
    Roger

  • ALT key is stuck.

    It seems that the Alt key is stuck on my phone. There is an arrow in the upper right corner and it is responding to each button as if the alt key is pressed. Any clue how to get this to go away? Thanks!

    Welcme to the Frums!
    Try removing your battery. Replace after 30 seconds - allowing your phone to reboot. 
    See if that helps! 
    Nurse-Berry
    Follow NurseBerry08 on Twitter

  • ALT KEY gets stuck!

    ive been searching the net and forums for the solution of this problem and figured out that there are dozen of blackberry curve users having this same problems. but never did i see anyone giving the right solution. is this really a common problem for blackberry 8520? they dont even know how to solve this problem yet WHAT's happening!? removing the battery for 5min and putting it back again DOESNT WORK! upgrading the OS DOESNT WORK! im really getting annoyed. sorry can anyone help? im desperate. thanks

    Is the problem one of the ALT key getting stuck? Stuck how?
    Does it get stuck as in stuck down like it sticks depressed?
    Or does it remain bouncy ok, but the NUM icon remains on screen?
    If you press the lower left SHIFT key, does this remove the NUM icon?
    1. If any post helps you please click the below the post(s) that helped you.
    2. Please resolve your thread by marking the post "Solution?" which solved it for you!
    3. Install free BlackBerry Protect today for backups of contacts and data.
    4. Guide to Unlocking your BlackBerry & Unlock Codes
    Join our BBM Channels (Beta)
    BlackBerry Support Forums Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Command key is stuck (not physically)

    I tried to log into my computer today, and I found that I could not type anything in the password box whatsoever.
    I then decided to log into a guest account (no password needed), and I found that I still couldn't type anything.
    Messing around with pressing random keys, I discovered that the Command key is stuck, although physically it is raised and non-pressed like any other key. Typing "N" will bring up a new window, typing "T" will open a new tab, typing "F" will bring up the search screen... It is obvious that my computer is registering every keystroke as if the Command key is held down.
    This effectively prevents me from typing anything whatsoever, as well as from logging into my main account.
    I've already tried a restart and a NVRAM reset, both to no avail.
    Any help?

    17kims,
    have you tried plugging in a USB keyboard, to see if it’s only your built-in keyboard that’s affected, or if it’s any keyboard that’s affected?

  • HPDV6, 16 months old. keyboard error. Acting as if delete key is stuck.

    Having probs with laptop acting as though delete key is stuck. Error message box appears every time i try to open a file. it won't go off unless i go through task manager and individually delete the multiple entries. Also when signing on to internet any sign on box fills with dots as though i'm holding the full stop key down,
    Text starts deleting as I am typing dso i have to keep retyping text over and over (including this message)!  The notes i had on 'sticky notes' on my desktop have all been deleted.
    The technician at PC world suggested that i try using a mouse instead of the touch pad. This has made it worse because the mouse pointer is uncontrollable and dances across the screen all the time.
    Have tried phoning HP but only got through to a foreign language speaker - so no help there!!
    HELP - i'm getting desperate!!
    mossfarr

    Notebooks that are build by MSI can be RMAed to MSI directly.
    MSI can verify if they are based on the serial-number, regardless of where you bought it.
    But it's best to check your local MSI pages about this, they usually contain information about the proceedings.

  • HT5860 constant beeps like a key is stuck down constantly, made the noise since new

    I have a MacBook Air and ever since I have had the computer (6 months) it makes a constant beeping noise like a key is stuck on.  There is no reason for it, it happens at random and I can see no pattern to it. Tonight it happened everytime I opened downloads, this afternoon it was when I open my e-mails, no pattern whatsoever.  Anybody giv me some advice?

    Beeps can be an indication there's a problem with the RAM (memory)
    Power On Self-Test Beep Definition

  • It appears that my shift key is stuck, everything including numbers is capped. Can this be fixed?

    It appears that my shift key is stuck, everything including numbers is capped, can this be fixed?

    Yes since it is on a iMac simply replace the keyboard.

  • How to see if key is stuck

    My shift key is stuck and so when I reboot it is in Safety mode.  How can I see if the key gets unstuck.

    Hi,
    Within the frontend application :
    Go to Peopletools/Integration Broker/Service Operations Monitor/Administration/Domain Status
    Within the backend psadmin utility :
    Run psadmin, choose the domain you want to check, then "Domain Status Menu"
    Nicolas.

Maybe you are looking for

  • Using Skype from Multiple Devices - Keeping them i...

    I use my skype account from many different devices as I travel. Can I "force" an update to make sure I've received updates or reflect sends from other devices (esp. IM & SMS) to the device I'm on at the moment?  I'm kinda tired of my iPhone grabbing

  • Materialized view with  a dynamic column.

    Hi, Is it possible to use the materialized view as a function. A column of the view is dynamic, meaning we enter a parameter in the view. thanks

  • PL/SQL Gateway

    Hi. Is there a way to access a list of names of all environment variables, exported by the PL/SQL Gateway when a PL/SQL procedure is invoked via HTTP or HTTPS? Thanks, Mateja

  • Will there be a similar pack for Illustrator CS4 or CS3?

    I just curious if there will be a similar HTML5 pack for Illustrator CS4, and perhaps CS3? I know that when Adobe came out with the HTML5 pack for Dreamweaver CS5 there was a large uproar from the community about having the same pack for previous ver

  • Problem with messaging bridge

              Hi           I'm having some difficulties with the jms-notran-adp messaging brigdge.           The messaging bridge won't work. I'm trying to bridge a MQS 5.2 queue to a weblogic           7.0 queue. The MQS queue and connectionFactory can