<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
<meta name="Generator" content="Microsoft Exchange Server">
<!-- converted from text --><style><!-- .EmailQuote { margin-left: 1pt; padding-left: 4pt; border-left: #800000 2px solid; } --></style>
</head>
<body>
<div>
<div>I thought that was the issue initially, and have posted on issue 317, I believe it is, but was second guessing myself once the lifetime of the peer has changed from 8 hours to 24.</div>
<div>Thank you Martin.</div>
<div><br>
</div>
<div><br>
</div>
--
<div><b><i>Izz</i></b></div>
<div><i>Sent using Android™</i></div>
<br>
<br>
<br>
-------- Original message --------<br>
From: Martin Willi <martin@strongswan.org> <br>
Date: 09/16/2013 2:55 AM (GMT-06:00) <br>
To: Izz Abdullah <izz.abdullah@wepanow.com> <br>
Cc: users@lists.strongswan.org <br>
Subject: Re: [strongSwan] site-to-site vpn tunnel drops exactly every 6 hours : StrongSwan <-> Cisco ASA
<br>
<br>
<br>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">Hi,<br>
<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 16[ENC] parsed ID_PROT request 0 [ SA V V V V ]<br>
<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[IKE] deleting duplicate IKE_SA for peer 'XXX.YYY.2.20' due to uniqueness policy<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[IKE] deleting IKE_SA school-tunnel02[144] between 10.10.100.221[wepa]...XXX.YYY.2.20[XXX.YYY.2.20]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[IKE] sending DELETE for IKE_SA school-tunnel02[144]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[ENC] generating INFORMATIONAL_V1 request 3554893475 [ HASH D ]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (84 bytes)<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[IKE] IKE_SA school-tunnel02[152] established between 10.10.100.221[wepa]...XXX.YYY.2.20[XXX.YYY.2.20]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[ENC] generating ID_PROT response 0 [ ID HASH ]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 15[NET] sending packet: from 10.10.100.221[4500] to XXX.YYY.2.20[4500] (68 bytes)<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 14[NET] received packet: from XXX.YYY.2.20[4500] to 10.10.100.221[4500] (68 bytes)<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 14[ENC] parsed INFORMATIONAL_V1 request 3654723502 [ HASH D ]<br>
> Sep 15 16:34:02 bhm-ipsec-221 charon: 14[IKE] received DELETE for ESP CHILD_SA with SPI aadc2798<br>
<br>
The peer tries to re-authenticate the ISAKMP SA. Due to your unique<br>
policy and a limitation of our new IKEv1 implementation, this leads to a<br>
problem: The uniqueness policy deletes the old ISAKMP during<br>
re-authentication before it can complete.<br>
<br>
This is a know issue, and I hope I'll find some time to fix this. In the<br>
mean time, you should consider setting uniqueids=no in ipsec.conf, have<br>
a look at the manpage for details.<br>
<br>
Regards<br>
Martin<br>
<br>
</div>
</span></font>
</body>
</html>