Received IPSEC SA delete request


I have 8 static VPN tunnels linking remote sites and a central location using Linksys AG041 VPN routers and Netgear DG834 routers at the remote sites and a Sonicwall PRO 1260 at the central location.  The sites all connect fine and traffic flows as expected, but in the Sonicwall log I receive numerous (50+) logs when the Linksys boxes renegotiate the tunnels.  Example:

01/12/2007 11:17:10.432 - Info - VPN IKE -     Received IPSec SA delete request -     AAA.AAA.AAA.AAA, 500 -     BBB.BBB.BBB.BBB, 500 -     VPN Policy: <VPNPolicyName>, SPI:a6ec8ed
01/12/2007 11:17:10.432 - Info - VPN IKE -     Received IPSec SA delete request -     AAA.AAA.AAA.AAA, 500 -     BBB.BBB.BBB.BBB, 500 -     VPN Policy: <VPNPolicyName>, SPI:71afa68

AAA.AAA.AAA.AAA is the remote site and BBB.BBB.BBB.BBB is the central site.

This is just two entries but there are usually 50 or more each time a tunnel is renegotiated every 8 hours.  The Netgear boxes simply renegotiate as normal without the extra log files.

It looks like the delete requests are generated by the Linksys boxes very quickly (over the 50 logs the time hardly changes).  The SPI changes with each log entry (sometimes there is no SPI) until the tunnel successfully renegotiates.  There doesn't seem to be a performance impact but the entries fill up the log on the Sonicwall 3 or 4 times per day, which is annoying.  Neither Linksys nor Sonicwall support can help; they just say that because it is recorded as "Info" in the log it is not a problem, but something is not right.

The settings are the same on both the Netgear and Linksys boxes, 3DES/SHA1, No PFS, 28800 key lifetime settings for both Phase 1 and 2.  Both use Main mode to connect.

Anyone any thoughts or similar experience?
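The burst pattern described in the post can be measured from an exported log. The following is an added example, not part of the original post: it groups "Received IPSec SA delete request" entries per peer and policy into bursts, counts distinct SPIs and entries without an SPI, and reports the spacing between bursts for comparison with the 28800-second lifetime. Assumptions: the date is MM/DD/YYYY, an entry with no SPI simply lacks the `, SPI:` suffix, a 2-second pause separates bursts, and the sample lines (documentation addresses, policy name `SiteA`) are constructed.

```python
import re
from datetime import datetime, timedelta

# Field layout taken from the two log lines in the post. Assumptions: the date is
# MM/DD/YYYY, and an entry "with no SPI" simply lacks the ", SPI:..." suffix.
LINE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - \w+ - VPN IKE -\s+"
    r"Received IPSec SA delete request -\s+(?P<peer>[^,\s]+), \d+ -\s+"
    r"[^,\s]+, \d+ -\s+VPN Policy: (?P<policy>[^,]*?)(?:, SPI:(?P<spi>[0-9a-fA-F]*))?\s*$"
)

def find_bursts(lines, gap=timedelta(seconds=2)):
    """Group delete requests per (peer, policy); a pause longer than gap starts a new burst."""
    bursts, latest = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # some other log event
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f")
        key = (m["peer"], m["policy"])
        b = latest.get(key)
        if b is None or ts - b["end"] > gap:
            # seconds since the previous burst on this tunnel began (None for the first)
            since = (ts - b["start"]).total_seconds() if b else None
            b = latest[key] = {"peer": key[0], "policy": key[1], "start": ts, "end": ts,
                               "count": 0, "spis": set(), "no_spi": 0, "since_prev": since}
            bursts.append(b)
        b["end"] = ts
        b["count"] += 1
        if m["spi"]:
            b["spis"].add(m["spi"].lower())
        else:
            b["no_spi"] += 1
    return bursts

_T = ("{} - Info - VPN IKE -     Received IPSec SA delete request -     "
      "192.0.2.10, 500 -     198.51.100.1, 500 -     VPN Policy: SiteA{}")
SAMPLE = [  # constructed lines; only the first two SPI values come from the post
    _T.format("01/12/2007 11:17:10.432", ", SPI:a6ec8ed"),
    _T.format("01/12/2007 11:17:10.432", ", SPI:71afa68"),
    _T.format("01/12/2007 11:17:10.448", ""),
    "01/12/2007 11:17:11.020 - Info - VPN IKE -     some other event",
    _T.format("01/12/2007 19:17:10.480", ", SPI:3b90c21"),
    _T.format("01/12/2007 19:17:10.496", ", SPI:5d12e07"),
]

if __name__ == "__main__":
    for b in find_bursts(SAMPLE):
        print(b["peer"], b["policy"], b["start"], b["count"], len(b["spis"]), b["no_spi"], b["since_prev"])
```

Run against the full export, a `since_prev` close to 28800 on every burst ties the entries to the rekey, and peers that never appear in the output (the Netgear sites in the post) rekey without sending them.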
