Hello. I just thought I should mention I get the same messages in the logs around every 10 seconds and also use VPNC on linux hosts. It's probably going to increase as more and more devices start to connect so it would be nice to get rid of. We're not having any kind of connectivity issues though, only lots of these log messages. Since we only have 1 real vpn user at the moment and it's just a server that we sometimes look at the Nagios GUI on I can safely record everything for a while. I'm connected this way myself from out of the office today also using VPNC. Anyway, I don't really know what to then actually look for in pcap. I see packets that show up around every 10 seconds (like the log messages) that Wireshark identifies as ISAKMP which are 47 bytes long. These don't show up if I instead actually filter for ISAKMP though. If I do that I get much fewer packets spread out about around every 5 minutes that are 138 bytes long instead. Those smaller ISAKMP packets are all going from the client to the PA200 so I guess this is something to do with VPNC maybe? Is this useful to anyone else here in any way? If it matters, there's NAT going on on both ends. On the server side it's the PA itself that does it and forwards things to loopback interfaces that the globalprotect gateway and portal and stuff runs on.
... View more