Not possible to establish Site-to-Site VPN tunnel with LSV peer, which is a DAIP device

Support Center > Search Results > SecureKnowledge Details

Not possible to establish Site-to-Site VPN tunnel with LSV peer, which is a DAIP device

Technical Level

Solution ID	sk109473
Technical Level
Product	IPSec VPN
Version	R77.30 (EOL)
Platform / Model	All
Date Created	05-Jan-2016
Last Modified	26-Jan-2016

Symptoms

Not possible to establish Site-to-Site VPN tunnel with Large Scale VPN (LSV) peer, which is a DAIP device.

Debug of VPND daemon (per sk89940) during the issue shows that it crashes and is restarted right after the VPN peer is identified as LSV:

... ... ...
[ PID1][Date Time][LSV] matchPeerToLsvProfile: peer XXX matches LSV profile <Name_of_Profile>.
[ PID1][Date Time][] GetEntryCommunityLsvHash: CommunityLsvHash size = 1, received dn: <Name_of_Profile> as key, found community: <Name_of_Community>
[ PID1][Date Time][] FindCommonCommunity: Found common community <Name_of_Community> with LSV profile <Name_of_Profile>
[ikev2] getIKEVersionForCommunity: Community configured to use IKEv1 only.
[vpnd PID2 ...]@HostName[Date Time] vpnd: DDD MMM DD HH:MM:SS YYY
[vpnd PID2 ...]@HostName[Date Time] ------------ VPND Starting: DDD MMM DD HH:MM:SS YYY
... ... ...

$FWDIR/log/fwd.elg repeatedly shows "fwd: restarting vpnd".
After enabling generation of core dump files per sk92764 / sk53363, core dump files for 'VPND' process were generated in the /var/log/dump/usermode/ directory.

Cause

VPND daemon crashes during IKE Phase1 after the IP address of LSV peer, which is a DAIP device.

Solution

Note: To view this solution you need to Sign In .