VPN tunnels to random provisioning (LSM) devices are dropped after policy installation

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk152612
Product	IPSec VPN
Version	R77.30, R80.10, R80.20, R80.30
OS	Gaia
Platform / Model	All
Date Created	29-Apr-2019
Last Modified	24-Oct-2019

Symptoms

After a policy installation, random tunnels are shown as down in SmartView Monitor. The issue starts after the user upgrades the Security Management Server to R80.20 when the Security Gateways are of a lower version.

After the policy installation, the following errors appear in in VPND.elg.

Line 47706: [ 8674][6 Mar  9:32:11][] update_ATLAS_ROBO_objects: failed to get kbuf 54
Line 47708: [ 8674][6 Mar  9:32:11][] update_ATLAS_ROBO_objects: failed to get kbuf 55

Cause

As part of the policy installation, the user runs update_ATLAS_ROBO_objects API. This API is supposed to go over the existing database and add the relevant IPs to the database.

Afterwards, the objects from the database update our resolving hash.

When the issue occurs, the kbuf is lost, causing the Security Gateway to not be able to corralate between the encryption key and the actual peer.

Solution

Note: To view this solution you need to Sign In .