Support Center > Search Results > SecureKnowledge Details
Not possible to establish Site-to-Site VPN tunnel with LSV peer, which is a DAIP device
Symptoms
  • Not possible to establish Site-to-Site VPN tunnel with Large Scale VPN (LSV) peer, which is a DAIP device.

  • Debug of VPND daemon (per sk89940) during the issue shows that it crashes and is restarted right after the VPN peer is identified as LSV:

    ... ... ...
    [ PID1][Date Time][LSV] matchPeerToLsvProfile: peer XXX matches LSV profile <Name_of_Profile>.
    [ PID1][Date Time][] GetEntryCommunityLsvHash: CommunityLsvHash size = 1, received dn: <Name_of_Profile> as key, found community: <Name_of_Community>
    [ PID1][Date Time][] FindCommonCommunity: Found common community <Name_of_Community> with LSV profile <Name_of_Profile>
    [ikev2] getIKEVersionForCommunity: Community configured to use IKEv1 only.
    [vpnd PID2 ...]@HostName[Date Time] vpnd: DDD MMM DD HH:MM:SS YYY
    [vpnd PID2 ...]@HostName[Date Time] ------------ VPND Starting: DDD MMM DD HH:MM:SS YYY
    ... ... ...
    
  • $FWDIR/log/fwd.elg repeatedly shows "fwd: restarting vpnd".

  • After enabling generation of core dump files per sk92764 / sk53363, core dump files for 'VPND' process were generated in the /var/log/dump/usermode/ directory.

Cause

VPND daemon crashes during IKE Phase1 after the IP address of LSV peer, which is a DAIP device.


Solution
Note: To view this solution you need to Sign In .