Support Center > Search Results > SecureKnowledge Details
When IKEv2 and pre-shared-key is configured, VPN may fail on the second IKE SA re-key Technical Level
Symptoms
  • When IKEv2 and pre-shared-key is configured, VPN may fail on the second IKE SA re-key.
  • vpnd.elg shows: [vpnd 35851][ikev2_reauth] vpn1ReauthPeer::isSaAuthenticationValid: peer: [IP Address] is authenticated via PSK. entry exists in table: 0
    [vpnd 35851][ikev2_reauth] vpn1ReauthPeer::setLog: issue log: Failed to re-validate PSK of peer [IP Address]. Cannot rekey the IKE SA, authentication revoked. Need to create new IKE SA
Cause
Entry is deleted from ikev2_peer_PSK table in free_peer2ike_entry. This happens when an entry is removed from the peer_ikesa table, during IKE SA re-negotiation.  The issue is that an entry is not being added again after the deletion.


Solution
Note: To view this solution you need to Sign In .