This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

PAN-OS 8.0.5 sending continuous delete and create for IPSec SA

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

PAN-OS 8.0.5 sending continuous delete and create for IPSec SA

HITESHHAPANI
L1 Bithead

‎06-17-2020 01:59 AM

PA is sending continuous delete create every 3 seconds. It can be seen from the PA logs that SPI 0xAFD67238/0xC436E70E created at time 2020-06-13 05:50:55.230 and PA became responder for established child SA. For some strange reason PA again triggers child sa creation at 2020-06-13 05:50:55.968  for SPI 0x965504AB/0xCA05A690 and delete older SPI and this keeps on going every 3 seconds. Following are the PA logs for one iteration.

 

 

2020-06-13 05:50:51.000 -0700 [DEBG]: 10.15.28.171[500] - 10.15.30.30[500]:(nil) 1 times of 76 bytes message will be sent over socket 1024
2020-06-13 05:50:51.008 -0700 [DEBG]: ===
2020-06-13 05:50:51.008 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[500]
2020-06-13 05:50:51.008 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:50:51.008 -0700 [DEBG]: { 1: }: update response message_id 0x2
2020-06-13 05:50:55.098 -0700 [DEBG]: ===
2020-06-13 05:50:55.098 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[500]
2020-06-13 05:50:55.098 -0700 [DEBG]: { 1: }: request exch type 37
2020-06-13 05:50:55.098 -0700 [DEBG]: { 1: }: update request message_id 0x0
2020-06-13 05:50:55.098 -0700 [INFO]: { 1: }: received DELETE payload, gateway ike-vpn-10-15-20-168 SA state ESTABLISHED, SPI 8c37416b7bb4a516:0071235c13808317
2020-06-13 05:50:55.099 -0700 [INFO]: { 1: }: 10.15.28.171[500] - 10.15.30.30[500]:(nil) closing IKEv2 SA ike-vpn-10-15-20-168:591, code 7
2020-06-13 05:50:55.099 -0700 [DEBG]: { 1: }: SA dying from state ESTABLISHED, caller ikev2_abort
2020-06-13 05:50:55.099 -0700 [DEBG]: { 1: }: keeping retransmit while state changed to DYING, CID 25360, child 0x7fffe4004c30
2020-06-13 05:50:55.099 -0700 [PNTF]: { 1: 1}: ====> IPSEC KEY DELETED; tunnel ipsec-tunnel-10-15-20-168 <====
====> Deleted SA: 10.15.28.171[500]-10.15.30.30[500] SPI:0xA2285B6E/0xC7736EAB <====
2020-06-13 05:50:55.099 -0700 [INFO]: { 1: 1}: SADB_DELETE proto=255 src=10.15.30.30[0] dst=10.15.28.171[0] ESP spi=0xA2285B6E
2020-06-13 05:50:55.099 -0700 [DEBG]: { 1: }: SA deleted: state DYING, caller ikev2_abort
2020-06-13 05:50:55.099 -0700 [DEBG]: { 1: }: stop retransmit for sa 0x7fffe4004c30 (DEAD), CID 25360, child 0x7fffe4004c30
2020-06-13 05:50:55.099 -0700 [DEBG]: 10.15.28.171[500] - 10.15.30.30[500]:(nil) 1 times of 76 bytes message will be sent over socket 1024
2020-06-13 05:50:55.208 -0700 [DEBG]: ===
2020-06-13 05:50:55.208 -0700 [DEBG]: 510 bytes message received from 10.15.30.30[500]
2020-06-13 05:50:55.208 -0700 [INFO]: { 1: }: received IKE request 10.15.30.30[500] to 10.15.28.171[500], found IKE gateway ike-vpn-10-15-20-168
2020-06-13 05:50:55.208 -0700 [PNTF]: { 1: }: ====> IKEv2 IKE SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway ike-vpn-10-15-20-168 <====
====> Initiated SA: 10.15.28.171[500]-10.15.30.30[500] SPI:fab08f9e0ddf3aa6:41ed5325d7d82a03 SN:592 <====
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: received Notify type NAT_DETECTION_SOURCE_IP
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: received Notify type NAT_DETECTION_DESTINATION_IP
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: received Notify type 16430
2020-06-13 05:50:55.209 -0700 [PWRN]: { 1: }: 10.15.28.171[500] - 10.15.30.30[500]:0xa1c870 ignoring unauthenticated notify payload (16430)
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: received Notify type 16431
2020-06-13 05:50:55.209 -0700 [PWRN]: { 1: }: 10.15.28.171[500] - 10.15.30.30[500]:0xa1c870 ignoring unauthenticated notify payload (16431)
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: received Notify type 16406
2020-06-13 05:50:55.209 -0700 [PWRN]: { 1: }: 10.15.28.171[500] - 10.15.30.30[500]:0xa1c870 ignoring unauthenticated notify payload (16406)
2020-06-13 05:50:55.209 -0700 [DEBG]: proposal #1 len=44
2020-06-13 05:50:55.209 -0700 [DEBG]: proposal #2 len=44
2020-06-13 05:50:55.209 -0700 [DEBG]: proposal #3 len=44
2020-06-13 05:50:55.209 -0700 [DEBG]: proposal #4 len=44
2020-06-13 05:50:55.209 -0700 [DEBG]: proposal #5 len=44
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: see whether there's matching transform
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: found same ID. compare attributes
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: OK; advance to next of my transform type
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: see whether there's matching transform
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: found same ID. compare attributes
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: OK; advance to next of my transform type
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: see whether there's matching transform
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: found same ID. compare attributes
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: OK; advance to next of my transform type
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: see whether there's matching transform
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: found same ID. compare attributes
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: OK; advance to next of my transform type
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: success
2020-06-13 05:50:55.209 -0700 [DEBG]: { 1: }: update request message_id 0x0
2020-06-13 05:50:55.209 -0700 [DEBG]: 10.15.28.171[500] - 10.15.30.30[500]:(nil) 1 times of 304 bytes message will be sent over socket 1024
2020-06-13 05:50:55.228 -0700 [DEBG]: ===
2020-06-13 05:50:55.228 -0700 [DEBG]: 268 bytes message received from 10.15.30.30[4500]
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: received notify type MOBIKE_SUPPORTED
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: received notify type NO_ADDITIONAL_ADDRESSES
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: received notify type EAP_ONLY_AUTHENTICATION
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: received notify type 16420
2020-06-13 05:50:55.228 -0700 [INFO]: { 1: }: 10.15.28.171[4500] - 10.15.30.30[4500]:0x7fffe4002df0 authentication result: success
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: ikev2_process_child_notify(0x7fffe4006bec, 0x7fffeb50aa60), notify type MOBIKE_SUPPORTED
2020-06-13 05:50:55.228 -0700 [PWRN]: { 1: }: 16396 is not a child notify type
2020-06-13 05:50:55.228 -0700 [INFO]: { 1: }: received Notify payload protocol 0 type MOBIKE_SUPPORTED
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: ikev2_process_child_notify(0x7fffe4006bf4, 0x7fffeb50aa60), notify type NO_ADDITIONAL_ADDRESSES
2020-06-13 05:50:55.228 -0700 [PWRN]: { 1: }: 16399 is not a child notify type
2020-06-13 05:50:55.228 -0700 [INFO]: { 1: }: received Notify payload protocol 0 type NO_ADDITIONAL_ADDRESSES
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: ikev2_process_child_notify(0x7fffe4006bfc, 0x7fffeb50aa60), notify type EAP_ONLY_AUTHENTICATION
2020-06-13 05:50:55.228 -0700 [PWRN]: { 1: }: 16417 is not a child notify type
2020-06-13 05:50:55.228 -0700 [INFO]: { 1: }: received Notify payload protocol 0 type EAP_ONLY_AUTHENTICATION
2020-06-13 05:50:55.228 -0700 [DEBG]: { 1: }: ikev2_process_child_notify(0x7fffe4006c04, 0x7fffeb50aa60), notify type 16420
2020-06-13 05:50:55.229 -0700 [PWRN]: { 1: }: 16420 is not a child notify type
2020-06-13 05:50:55.229 -0700 [INFO]: { 1: }: received Notify payload protocol 0 type 16420
2020-06-13 05:50:55.229 -0700 [DEBG]: proposal #1 len=40
2020-06-13 05:50:55.229 -0700 [DEBG]: proposal #2 len=40
2020-06-13 05:50:55.229 -0700 [PNTF]: { 1: }: ====> IKEv2 CHILD SA NEGOTIATION STARTED AS RESPONDER, non-rekey; gateway ike-vpn-10-15-20-168 <====
====> Initiated SA: 10.15.28.171[4500]-10.15.30.30[4500] message id:0x00000001 parent SN:592 <====
2020-06-13 05:50:55.229 -0700 [WARN]: { 1: 1}: selector ipsec-tunnel-10-15-20-168 src is ambiguous, using the first one of the expanded addresses
2020-06-13 05:50:55.229 -0700 [WARN]: { 1: 1}: selector ipsec-tunnel-10-15-20-168 dst is ambiguous, using the first one of the expanded addresses
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: TS matching for configured selector ipsec-tunnel-10-15-20-168 0.0.0.0[0]/0-0.0.0.0[0]/0 proto 0
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: .. check local TS (num 1, TS0 is not specific) against selector 0:0.0.0.0[0]/0
2020-06-13 05:50:55.229 -0700 [DEBG]: { : 1}: ... TS 0: exact match
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: ... result: local TS = 0.0.0.0[0]/0
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: .. check remote TS (num 1, TS0 is not specific) against selector 0:0.0.0.0[0]/0
2020-06-13 05:50:55.229 -0700 [DEBG]: { : 1}: ... TS 0: exact match
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: ... result: remote TS = 0.0.0.0[0]/0
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: TS matching result: TS_l match(=), TS_r match(=) *
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: selector chosen ipsec-tunnel-10-15-20-168: tid 1
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: success
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: success
2020-06-13 05:50:55.229 -0700 [INFO]: { 1: 1}: SADB_UPDATE proto=255 10.15.30.30[4500]=>10.15.28.171[4500] ESP tunl spi 0xAFD67238 auth=SHA1 enc=AES128/16 lifetime soft 1603/0 hard 1801/0
2020-06-13 05:50:55.229 -0700 [INFO]: { 1: 1}: SADB_ADD proto=255 10.15.28.171[4500]=>10.15.30.30[4500] ESP tunl spi 0xC436E70E auth=SHA1 enc=AES128/16 lifetime soft 1610/0 hard 1801/0
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: sadb ts: port 0:65535 IP 0.0.0.0->255.255.255.255 proto:0 len:16
2020-06-13 05:50:55.229 -0700 [DEBG]: { 1: 1}: sadb ts: port 0:65535 IP 0.0.0.0->255.255.255.255 proto:0 len:16
2020-06-13 05:50:55.230 -0700 [PNTF]: { 1: 1}: ====> IPSEC KEY INSTALLATION SUCCEEDED; tunnel ipsec-tunnel-10-15-20-168 <====
====> Installed SA: 10.15.28.171[4500]-10.15.30.30[4500] SPI:0xAFD67238/0xC436E70E lifetime 1801 Sec lifesize unlimited <====
2020-06-13 05:50:55.230 -0700 [PNTF]: { 1: 1}: ====> IKEv2 CHILD SA NEGOTIATION SUCCEEDED AS RESPONDER, non-rekey; tunnel ipsec-tunnel-10-15-20-168 <====
====> Established SA: 10.15.28.171[4500]-10.15.30.30[4500] message id:0x00000001, SPI:0xAFD67238/0xC436E70E parent SN:592 <====
2020-06-13 05:50:55.230 -0700 [DEBG]: { 1: }: SA established: state RES_IKE_AUTH_RCVD, caller ikev2_responder_state1_send, attach 1
2020-06-13 05:50:55.230 -0700 [PNTF]: { 1: }: ====> IKEv2 IKE SA NEGOTIATION SUCCEEDED AS RESPONDER, non-rekey; gateway ike-vpn-10-15-20-168 <====
====> Established SA: 10.15.28.171[4500]-10.15.30.30[4500] SPI:fab08f9e0ddf3aa6:41ed5325d7d82a03 SN:592 lifetime 1500 Sec <====
2020-06-13 05:50:55.231 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 208 bytes message will be sent over socket 1025
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: }: update request message_id 0x1
2020-06-13 05:50:55.231 -0700 [DEBG]: { : 1}: keyacquire received: 10.15.28.171[0] => 10.15.30.30[0]
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: 1}: ikev2_initiate: child_sa created: id 25362
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: 1}: construct TS_r 0.0.0.0 -> 255.255.255.255
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: 1}: construct TS_r :: -> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: 1}: construct TS_i 0.0.0.0 -> 255.255.255.255
2020-06-13 05:50:55.231 -0700 [DEBG]: { 1: 1}: construct TS_i :: -> ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
2020-06-13 05:50:55.231 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 368 bytes message will be sent over socket 1025
2020-06-13 05:50:55.408 -0700 [DEBG]: ===
2020-06-13 05:50:55.408 -0700 [DEBG]: 284 bytes message received from 10.15.30.30[4500]
2020-06-13 05:50:55.408 -0700 [DEBG]: { 1: }: response exch type 36
2020-06-13 05:50:55.408 -0700 [DEBG]: { 1: }: update response message_id 0x0
2020-06-13 05:50:55.409 -0700 [DEBG]: proposal #1 len=48
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: success
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: see whether there's matching transform
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: found same ID. compare attributes
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: OK; advance to next of my transform type
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: success
2020-06-13 05:50:55.409 -0700 [INFO]: { 1: 1}: SADB_UPDATE proto=255 10.15.30.30[4500]=>10.15.28.171[4500] ESP tunl spi 0x965504AB auth=SHA1 enc=AES128/16 lifetime soft 1543/0 hard 1801/0
2020-06-13 05:50:55.409 -0700 [INFO]: { 1: 1}: SADB_ADD proto=255 10.15.28.171[4500]=>10.15.30.30[4500] ESP tunl spi 0xCA05A690 auth=SHA1 enc=AES128/16 lifetime soft 1506/0 hard 1801/0
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: sadb ts: port 0:65535 IP 0.0.0.0->255.255.255.255 proto:0 len:16
2020-06-13 05:50:55.409 -0700 [DEBG]: { 1: 1}: sadb ts: port 0:65535 IP 0.0.0.0->255.255.255.255 proto:0 len:16
2020-06-13 05:50:55.410 -0700 [PNTF]: { 1: 1}: ====> IPSEC KEY INSTALLATION SUCCEEDED; tunnel ipsec-tunnel-10-15-20-168 <====
====> Installed SA: 10.15.28.171[4500]-10.15.30.30[4500] SPI:0x965504AB/0xCA05A690 lifetime 1801 Sec lifesize unlimited <====
2020-06-13 05:50:55.410 -0700 [PNTF]: { 1: 1}: ====> IKEv2 CHILD SA NEGOTIATION SUCCEEDED AS INITIATOR, non-rekey; tunnel ipsec-tunnel-10-15-20-168 <====
====> Established SA: 10.15.28.171[4500]-10.15.30.30[4500] message id:0x00000000, SPI:0x965504AB/0xCA05A690 parent SN:592 <====
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror del start ----------------
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror del for selfSPI AFD67238, retcode -1.
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror del start ----------------
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror del for selfSPI A2285B6E, retcode 0.
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror add start ++++++++++++++++
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymgr: key insert called.
2020-06-13 05:50:55.968 -0700 [DEBG]: { 1: 1}: keymirror add for selfSPI 965504AB, retcode 0.
2020-06-13 05:50:55.968 -0700 [PNTF]: { 1: 1}: ====> IKEv2 CHILD SA DELETED AS RESPONDER, non-rekey; tunnel ipsec-tunnel-10-15-20-168 <====
====> Deleted SA: 10.15.28.171[4500]-10.15.30.30[4500] message id:0x00000001, SPI:0xAFD67238/0xC436E70E parent SN:592 <====
2020-06-13 05:50:55.969 -0700 [INFO]: { 1: }: ikev2_request_initiator_start: SA state ESTABLISHED type 3 caller ikev2_child_delete
2020-06-13 05:50:55.969 -0700 [INFO]: { 1: }: IKEv2 INFO transmit: gateway ike-vpn-10-15-20-168, message_id: 0x00000001, type 3 SA state ESTABLISHED
2020-06-13 05:50:55.969 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 80 bytes message will be sent over socket 1025
2020-06-13 05:50:55.969 -0700 [PNTF]: { 1: 1}: ====> IPSEC KEY DELETED; tunnel ipsec-tunnel-10-15-20-168 <====
====> Deleted SA: 10.15.28.171[4500]-10.15.30.30[4500] SPI:0xAFD67238/0xC436E70E <====
2020-06-13 05:50:55.969 -0700 [INFO]: { 1: 1}: SADB_DELETE proto=255 src=10.15.30.30[0] dst=10.15.28.171[0] ESP spi=0xAFD67238
2020-06-13 05:50:56.058 -0700 [DEBG]: ===
2020-06-13 05:50:56.058 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[4500]
2020-06-13 05:50:56.058 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:50:56.058 -0700 [DEBG]: { 1: }: update response message_id 0x1
2020-06-13 05:50:56.058 -0700 [INFO]: { 1: }: received DELETE payload, protocol ESP, num of SPI: 1 IKE SA state ESTABLISHED
2020-06-13 05:50:56.058 -0700 [INFO]: { 1: }: delete proto ESP spi 0xC436E70E
2020-06-13 05:50:56.059 -0700 [PWRN]: { 1: }: can't find sa for proto ESP spi 0xC436E70E
2020-06-13 05:51:06.000 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 80 bytes message will be sent over socket 1025
2020-06-13 05:51:06.008 -0700 [DEBG]: ===
2020-06-13 05:51:06.008 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[4500]
2020-06-13 05:51:06.008 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:51:06.008 -0700 [DEBG]: { 1: }: update response message_id 0x2
2020-06-13 05:51:15.748 -0700 [DEBG]: { : 1}: keyacquire received: 10.15.28.171[0] => 10.15.30.30[0]
2020-06-13 05:51:15.748 -0700 [DEBG]: { 1: 1}: 10.15.28.171[0] => 10.15.30.30[0]: key acquire request ignored, SA MATURE
2020-06-13 05:51:16.000 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 80 bytes message will be sent over socket 1025
2020-06-13 05:51:16.008 -0700 [DEBG]: ===
2020-06-13 05:51:16.008 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[4500]
2020-06-13 05:51:16.008 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:51:16.008 -0700 [DEBG]: { 1: }: update response message_id 0x3
2020-06-13 05:51:22.750 -0700 [DEBG]: { : 1}: keyacquire received: 10.15.28.171[0] => 10.15.30.30[0]
2020-06-13 05:51:22.750 -0700 [DEBG]: { 1: 1}: 10.15.28.171[0] => 10.15.30.30[0]: key acquire request ignored, SA MATURE
2020-06-13 05:51:26.000 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 80 bytes message will be sent over socket 1025
2020-06-13 05:51:26.008 -0700 [DEBG]: ===
2020-06-13 05:51:26.008 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[4500]
2020-06-13 05:51:26.008 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:51:26.008 -0700 [DEBG]: { 1: }: update response message_id 0x4
2020-06-13 05:51:28.749 -0700 [DEBG]: { : 1}: keyacquire received: 10.15.28.171[0] => 10.15.30.30[0]
2020-06-13 05:51:28.749 -0700 [DEBG]: { 1: 1}: 10.15.28.171[0] => 10.15.30.30[0]: key acquire request ignored, SA MATURE
2020-06-13 05:51:34.748 -0700 [DEBG]: { : 1}: keyacquire received: 10.15.28.171[0] => 10.15.30.30[0]
2020-06-13 05:51:34.748 -0700 [DEBG]: { 1: 1}: 10.15.28.171[0] => 10.15.30.30[0]: key acquire request ignored, SA MATURE
2020-06-13 05:51:36.000 -0700 [DEBG]: 10.15.28.171[4500] - 10.15.30.30[4500]:(nil) 1 times of 80 bytes message will be sent over socket 1025
2020-06-13 05:51:36.008 -0700 [DEBG]: ===
2020-06-13 05:51:36.008 -0700 [DEBG]: 76 bytes message received from 10.15.30.30[4500]
2020-06-13 05:51:36.008 -0700 [DEBG]: { 1: }: response exch type 37
2020-06-13 05:51:36.008 -0700 [DEBG]: { 1: }: update response message_id 0x5

 

 

 

 

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎06-17-2020 02:22 PM

@HITESHHAPANI,

8.0 as a whole has hit EOL as of 31-OCT-2019, and 8.0.5 is a really early release in that code branch. I would highly recommend you upgrade to a supported release before you spend any additional time looking into this. 

0 Likes Likes

HITESHHAPANI
L1 Bithead
In response to BPry

‎06-23-2020 11:28 PM

@BPry Seeing the same issue with 9.0 version also. This thread implies that same issue exists with older PA version also https://live.paloaltonetworks.com/t5/general-topics/ipsec-vpn-restarts-very-often/td-p/42519 

0 Likes Likes
  • 5329 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks