Not possible to establish Site-to-Site VPN tunnel with LSV peer, which is a DAIP device
|Platform / Model
Not possible to establish Site-to-Site VPN tunnel with Large Scale VPN (LSV) peer, which is a DAIP device.
Debug of VPND daemon (per sk89940) during the issue shows that it crashes and is restarted right after the VPN peer is identified as LSV:
... ... ...
[ PID1][Date Time][LSV] matchPeerToLsvProfile: peer XXX matches LSV profile <Name_of_Profile>.
[ PID1][Date Time] GetEntryCommunityLsvHash: CommunityLsvHash size = 1, received dn: <Name_of_Profile> as key, found community: <Name_of_Community>
[ PID1][Date Time] FindCommonCommunity: Found common community <Name_of_Community> with LSV profile <Name_of_Profile>
[ikev2] getIKEVersionForCommunity: Community configured to use IKEv1 only.
[vpnd PID2 ...]@HostName[Date Time] vpnd: DDD MMM DD HH:MM:SS YYY
[vpnd PID2 ...]@HostName[Date Time] ------------ VPND Starting: DDD MMM DD HH:MM:SS YYY
... ... ...
$FWDIR/log/fwd.elg repeatedly shows "
fwd: restarting vpnd".
After enabling generation of core dump files per sk92764 / sk53363, core dump files for 'VPND' process were generated in the /var/log/dump/usermode/ directory.
VPND daemon crashes during IKE Phase1 after the IP address of LSV peer, which is a DAIP device.
Note: To view this solution you need to