DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPSec VPN from 2960 to 2960 stops periodically

06 May 2014 22:27 #1 by jmccullo
Hi - I've been pulling my hair out over the last couple of days. I have 2 Vigor 2960s that I'd like to configure in a Lan to Lan configuration. Each 2960 has two active Wan ports - 2960-1 has both Wan ports connected in modem mode and NATed and 2960-2 has both Wan ports connected in Router mode (though I had to configure them as NAT or Internet access failed after a certain amount of time) and the router on wan1 has a DMZ configured to forward all traffic to the static IP address of Wan1. I'd like to create an IPSec VPN between wan1 of 2960-1 and wan1 of 2960-2. Both are on 1.08 firmware. Here is how the config looks:

2960-1


2960-2


and here is how the vpn is set up:

2960-1


2960-2


The VPN connects with no problem and I can see the VPN connection active on both routers. I can ping the 192.168.40.x subnet from 192.168.211.x and vice versa. All seems to be fine - then after a few hours the tunnel stays up but I just can't ping from either side any more.

If I play about for a long time, reboot everything over and over, eventually this starts working again for no apparent reason - but then it just stops again.

I'll post the syslog of it failing once it fails again. Any ideas what's happening?

Thanks in advance
John

06 May 2014 22:28 #2 by jmccullo
This is the syslog of the connection when it's working:

2960-1
<141>May 6 23:21:18 Wagram: pluto[14148]: "Notus" #14: deleting state (STATE_QUICK_I2)
<141>May 6 23:21:18 Wagram: pluto[14148]: "Notus" #14: deleting state #14
<141>May 6 23:21:18 Wagram: [L2L][DOWN][IPsec][@1:Notus]
<137>May 6 23:21:18 Wagram: [L2L][DOWN][IPsec][@1:Notus]
<141>May 6 23:21:20 Wagram: pluto[14148]: "Notus" #13: deleting state (STATE_MAIN_I4)
<141>May 6 23:21:20 Wagram: pluto[14148]: "Notus" #13: deleting state #13
<141>May 6 23:21:20 Wagram: pluto[14148]: "Notus" #15: initiating Main Mode
<141>May 6 23:21:20 Wagram: pluto[14148]: packet from 82.224.231.136:4500: Informational Exchange is for an unknown (expired?) SA
<141>May 6 23:21:22 Wagram: pluto[14148]: packet from 82.224.231.136:4500: Informational Exchange is for an unknown (expired?) SA
<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #15: enabling possible NAT-traversal with method RFC 3947 (NAT-Traversal)
<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #15: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): peer is NATed
<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #15: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.50'
<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #15: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}
<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #16: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+ACCEPTALL+USEMORE+0x10000000+0x20000000 {using isakmp#15}
<141>May 6 23:21:23 Wagram: [L2L][UP][IPsec][@1:Notus]
<137>May 6 23:21:23 Wagram: [L2L][UP][IPsec][@1:Notus]
<141>May 6 23:21:23 Wagram: pluto[14148]: "Notus" #16: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x63ca79d8 b994bbc7 xfrm=3DES_0-HMAC_MD5 NATD=82.224.231.136:4500 DPD=enabled}

06 May 2014 22:29 #3 by jmccullo
2960-2
<141>May 6 23:21:18 Notus: pluto[11711]: "Wagram" #8: received Delete SA(0x8efa676e) payload: deleting IPSEC State #9 after 10 seconds
<141>May 6 23:21:18 Notus: pluto[11711]: "Wagram" #8: received and ignored informational message
<141>May 6 23:21:20 Notus: pluto[11711]: "Wagram" #8: received Delete SA payload: deleting ISAKMP State #8
<141>May 6 23:21:20 Notus: pluto[11711]: "Wagram" #8: find corresponding phase 2 is going to be deleted in 10 seconds... delete it now
<141>May 6 23:21:20 Notus: pluto[11711]: "Wagram" #8: deleting state #9
<141>May 6 23:21:21 Notus: [L2L][DOWN][IPsec][@1:Wagram]
<137>May 6 23:21:21 Notus: [L2L][DOWN][IPsec][@1:Wagram]
<141>May 6 23:21:21 Notus: pluto[11711]: "Wagram" #8: deleting state #8
<141>May 6 23:21:21 Notus: pluto[11711]: packet from 82.238.41.194:4500: received and ignored informational message
<141>May 6 23:21:21 Notus: pluto[11711]: "Wagram" #10: responding to Main Mode
<141>May 6 23:21:22 Notus: pluto[11711]: "Wagram" #10: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): i am NATed
<141>May 6 23:21:22 Notus: pluto[11711]: "Wagram" #10: Main mode peer ID is ID_IPV4_ADDR: '82.238.41.194'
<141>May 6 23:21:22 Notus: pluto[11711]: "Wagram" #10: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}
<141>May 6 23:21:22 Notus: pluto[11711]: "Wagram" #11: responding to Quick Mode {msgid:5d164e4b}
<141>May 6 23:21:24 Notus: [L2L][UP][IPsec][@1:Wagram]
<137>May 6 23:21:24 Notus: [L2L][UP][IPsec][@1:Wagram]
<141>May 6 23:21:25 Notus: pluto[11711]: "Wagram" #11: STATE_QUICK_R2: IPsec SA established {ESP=>0xb994bbc7 63ca79d8 xfrm=3DES_0-HMAC_MD5 NATD=82.238.41.194:4500 DPD=enabled}
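
Added example, not part of the original posts: a small Python audit that reads pluto "SA established" lines like the ones in posts #2 and #3 and lists the negotiated algorithms that are widely deprecated. The rule list and the names `audit`, `RULES` and `CHECKED_KEYS` are this example's own assumptions, not DrayTek settings.

```python
import re

# Two lines copied from the 2960-1 log posted above (tunnel coming up).
SAMPLE = [
    '<141>May 6 23:21:22 Wagram: pluto[14148]: "Notus" #15: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_des_cbc_64 prf=oakley_md5 group=modp768}',
    '<141>May 6 23:21:23 Wagram: pluto[14148]: "Notus" #16: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x63ca79d8 b994bbc7 xfrm=3DES_0-HMAC_MD5 NATD=82.224.231.136:4500 DPD=enabled}',
]

# Host, connection name, SA type and the {...} parameter list of an "established" line.
EST = re.compile(r'(?P<host>\w+): pluto\[\d+\]: "(?P<conn>[^"]+)" #\d+: '
                 r'.*?(?P<kind>ISAKMP|IPsec) SA established \{(?P<params>[^}]*)\}')

# Policy for this example only (an assumption): tokens treated as weak.
RULES = [
    (re.compile(r'(?<!3)des'), "single DES (56-bit key)"),
    (re.compile(r'3des'), "3DES (64-bit block, deprecated)"),
    (re.compile(r'md5'), "MD5-based PRF or integrity"),
    (re.compile(r'modp(768|1024)\b'), "small Diffie-Hellman group"),
]
# Only these keys carry algorithm names; SPIs and addresses are skipped.
CHECKED_KEYS = {"cipher", "prf", "group", "xfrm"}


def audit(lines):
    """Return (host, conn, phase, key, value, reason) per weak negotiated parameter."""
    findings = []
    for line in lines:
        m = EST.search(line)
        if not m:
            continue
        phase = "phase 1" if m["kind"] == "ISAKMP" else "phase 2"
        for key, value in re.findall(r'(\w+)=(\S+)', m["params"]):
            if key not in CHECKED_KEYS:
                continue
            for pattern, reason in RULES:
                if pattern.search(value.lower()):
                    findings.append((m["host"], m["conn"], phase, key, value, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
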

08 May 2014 11:51 #4 by jmccullo
and this is the 2960-1 log, sometime during which it stopped working (vpn still up but can't ping):

<141>May 8 10:48:08 Wagram: pluto[14148]: "Notus" #107: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+ACCEPTALL+USEMORE+0x10000000+0x20000000 to replace #106 {using isakmp#105}
<141>May 8 10:48:08 Wagram: pluto[14148]: "Notus" #107: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0xcbeb9008 a55f4608 xfrm=3DES_0-HMAC_MD5 NATD=82.224.231.136:4500 DPD=enabled}
<141>May 8 11:01:47 Wagram: pluto[14148]: "Notus" #106: deleting state #106
<141>May 8 11:01:47 Wagram: pluto[14148]: "Notus" #105: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x6383e132) not found (maybe expired)
<141>May 8 11:01:47 Wagram: pluto[14148]: "Notus" #105: received and ignored informational message
<141>May 8 11:36:17 Wagram: pluto[14148]: "Notus" #108: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+ACCEPTALL+USEMORE+0x10000000+0x20000000 to replace #107 {using isakmp#105}
<141>May 8 11:36:17 Wagram: pluto[14148]: "Notus" #108: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x8572fd0e 585faf06 xfrm=3DES_0-HMAC_MD5 NATD=82.224.231.136:4500 DPD=enabled}
<141>May 8 11:48:08 Wagram: pluto[14148]: "Notus" #107: deleting state #107
<141>May 8 11:48:08 Wagram: pluto[14148]: "Notus" #105: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xcbeb9008) not found (maybe expired)
<141>May 8 11:48:08 Wagram: pluto[14148]: "Notus" #105: received and ignored informational message
<141>May 8 12:20:58 Wagram: pluto[14148]: "Notus" #109: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+ACCEPTALL+USEMORE+0x10000000+0x20000000 to replace #108 {using isakmp#105}
<141>May 8 12:20:58 Wagram: pluto[14148]: "Notus" #109: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x8cf92f54 089b192a xfrm=3DES_0-HMAC_MD5 NATD=82.224.231.136:4500 DPD=enabled}
<141>May 8 12:36:17 Wagram: pluto[14148]: "Notus" #105: received Delete SA(0x8572fd0e) payload: deleting IPSEC State #108 after 10 seconds
<141>May 8 12:36:17 Wagram: pluto[14148]: "Notus" #105: received and ignored informational message
<141>May 8 12:36:27 Wagram: pluto[14148]: "Notus" #108: Delay Delete SA IPSEC State #108
<141>May 8 12:36:27 Wagram: pluto[14148]: "Notus" #108: deleting state #108

08 May 2014 11:55 #5 by jmccullo
and this is the 2960-2 log for the same time period:

<141>May 8 10:48:08 Notus: pluto[11356]: "Wagram" #45: responding to Quick Mode {msgid:5ee4862f}
<141>May 8 10:48:08 Notus: pluto[11356]: "Wagram" #45: STATE_QUICK_R2: IPsec SA established {ESP=>0xa55f4608 cbeb9008 xfrm=3DES_0-HMAC_MD5 NATD=82.238.41.194:4500 DPD=enabled}
<141>May 8 11:01:47 Notus: pluto[11356]: "Wagram" #44: deleting state #44
<141>May 8 11:01:47 Notus: pluto[11356]: "Wagram" #43: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x86ece4fc) not found (maybe expired)
<141>May 8 11:01:47 Notus: pluto[11356]: "Wagram" #43: received and ignored informational message
<141>May 8 11:36:17 Notus: pluto[11356]: "Wagram" #46: responding to Quick Mode {msgid:58bada64}
<141>May 8 11:36:17 Notus: pluto[11356]: "Wagram" #46: STATE_QUICK_R2: IPsec SA established {ESP=>0x585faf06 8572fd0e xfrm=3DES_0-HMAC_MD5 NATD=82.238.41.194:4500 DPD=enabled}
<141>May 8 11:48:08 Notus: pluto[11356]: "Wagram" #45: deleting state #45
<141>May 8 11:48:08 Notus: pluto[11356]: "Wagram" #43: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0xa55f4608) not found (maybe expired)
<141>May 8 11:48:08 Notus: pluto[11356]: "Wagram" #43: received and ignored informational message
<141>May 8 12:20:58 Notus: pluto[11356]: "Wagram" #47: responding to Quick Mode {msgid:f44ff74c}
<141>May 8 12:20:58 Notus: pluto[11356]: "Wagram" #47: STATE_QUICK_R2: IPsec SA established {ESP=>0x089b192a 8cf92f54 xfrm=3DES_0-HMAC_MD5 NATD=82.238.41.194:4500 DPD=enabled}
<141>May 8 12:36:17 Notus: pluto[11356]: "Wagram" #46: deleting state #46
<141>May 8 12:36:27 Notus: pluto[11356]: "Wagram" #43: ignoring Delete SA payload: PROTO_IPSEC_ESP SA(0x585faf06) not found (maybe expired)
<141>May 8 12:36:27 Notus: pluto[11356]: "Wagram" #43: received and ignored informational message
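
Added example, not part of the original posts: a Python replay of both routers' pluto logs from posts #4 and #5 that tracks which IPsec SAs are still alive on each side after the rekeys and reports any SPI pair without a mirrored counterpart on the peer. It assumes the two values after `ESP=>` are this side's outbound and inbound SPIs, which is inferred from the pairs appearing swapped in the two logs; `live_sas` and `unmatched` are names made up for this example.

```python
import re

# Sample: lines taken from the logs in posts #4 and #5, tails trimmed.
SAMPLE = """\
<141>May 8 11:36:17 Wagram: pluto[14148]: "Notus" #108: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x8572fd0e 585faf06 DPD=enabled}
<141>May 8 11:36:17 Notus: pluto[11356]: "Wagram" #46: STATE_QUICK_R2: IPsec SA established {ESP=>0x585faf06 8572fd0e DPD=enabled}
<141>May 8 12:20:58 Wagram: pluto[14148]: "Notus" #109: STATE_QUICK_I2: sent QI2, IPsec SA established {ESP=>0x8cf92f54 089b192a DPD=enabled}
<141>May 8 12:20:58 Notus: pluto[11356]: "Wagram" #47: STATE_QUICK_R2: IPsec SA established {ESP=>0x089b192a 8cf92f54 DPD=enabled}
<141>May 8 12:36:17 Notus: pluto[11356]: "Wagram" #46: deleting state #46
<141>May 8 12:36:27 Wagram: pluto[14148]: "Notus" #108: deleting state #108
""".splitlines()

HEAD = re.compile(r'(?P<host>\w+): pluto\[\d+\]: "[^"]+" #(?P<state>\d+): (?P<msg>.*)')
ESP = re.compile(r'IPsec SA established \{ESP=>0x([0-9a-f]{8}) (?:<0x)?([0-9a-f]{8})')
DELETE = re.compile(r'deleting state #(\d+)')


def live_sas(lines):
    """Replay the log; return {host: {state_no: (first_spi, second_spi)}} still alive."""
    live = {}
    for line in lines:
        m = HEAD.search(line)
        if not m:
            continue
        sas = live.setdefault(m["host"], {})
        est = ESP.search(m["msg"])
        if est:
            sas[int(m["state"])] = est.groups()
            continue
        gone = DELETE.search(m["msg"])
        if gone:
            # Deleting an ISAKMP state (never stored here) is a harmless no-op.
            sas.pop(int(gone.group(1)), None)
    return live


def unmatched(live, a, b):
    """SPI pairs live on host a with no mirrored (swapped) pair live on host b."""
    mirrored = {(y, x) for x, y in live.get(b, {}).values()}
    return sorted(p for p in live.get(a, {}).values() if p not in mirrored)


if __name__ == "__main__":
    state = live_sas(SAMPLE)
    print(state, unmatched(state, "Wagram", "Notus"))
```

An empty result from `unmatched` in both directions means each router still holds the SA pair the other expects; a non-empty one points at the rekey where the two sides diverged.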

08 May 2014 13:17 #6 by jmccullo
Next - disconnected the VPN and let it re-connect automatically - still couldn't ping.
Rebooted 2960-2 - still couldn't ping.
Rebooted 2960-1 - started to ping OK again.
