I think I had a similar issue between debian lenny + racoon and a netscreen firewall.
It comes down to:
- what is the lifetime of the phase1 connection
- which side has initiated the connection.

In my case, racoon seems to have a default of 30 minutes if I don't explicitly put a:
     lifetime time 60 min;
in the sainfo section of racoon.conf.

The netscreen (and maybe your ciscos) has a default of 60 minutes.
So my situation was this:
- time X + 00 minutes: netscreen establishes a connection
- time X + 30 minutes: racoon gets bored, says IPsec-SA expired
 -> at this time racoon does not renegotiate
- time X + 60: miraculously the connection is alive again
 -> the netscreen firewall has renegotiated after 60 minutes.

Any chance that this is your situation, and maybe racoon's default has
changed from 60 in sarge to 30 in etch or lenny?

HTH

Till
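
A check for the mismatch described in this message, as an added example that is not part of the original post: it reads the sainfo sections of a racoon.conf and reports any whose explicit lifetime is missing or differs from the peer's. The sample configuration, the function names and the 3600-second peer value (the 60 minutes the post reports for the netscreen) are assumptions made for illustration.

```python
import re

# Time units racoon.conf accepts in "lifetime time <n> <unit>;"
UNIT_SECONDS = {"sec": 1, "secs": 1, "second": 1, "seconds": 1,
                "min": 60, "mins": 60, "minute": 60, "minutes": 60,
                "hour": 3600, "hours": 3600}
SAINFO_RE = re.compile(r"sainfo\s+([^{]+?)\s*\{([^}]*)\}")
LIFETIME_RE = re.compile(r"lifetime\s+time\s+(\d+)\s*([a-z]+)\s*;")
# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """
sainfo anonymous {
    encryption_algorithm 3des;        # no lifetime statement in this section
}
sainfo address 10.1.0.0/16 any address 10.2.0.0/16 any {
    lifetime time 60 min;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
}
sainfo address 10.1.0.0/16 any address 10.3.0.0/16 any {
    lifetime time 1800 sec;
    encryption_algorithm aes;
    authentication_algorithm hmac_sha1;
}
"""

def sainfo_lifetimes(conf_text):
    """Map each sainfo selector to its explicit lifetime in seconds (None if unset)."""
    text = re.sub(r"#.*", "", conf_text)          # strip comments
    out = {}
    for selector, body in SAINFO_RE.findall(text):
        m = LIFETIME_RE.search(body)
        if m and m.group(2) not in UNIT_SECONDS:
            raise ValueError(f"unknown time unit {m.group(2)!r} in sainfo {selector}")
        out[selector] = int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else None
    return out

def check_against_peer(conf_text, peer_seconds):
    """Return (selector, problem) pairs for sections that can expire out of step."""
    findings = []
    for selector, secs in sainfo_lifetimes(conf_text).items():
        if secs is None:
            findings.append((selector, "no explicit lifetime, racoon's default applies"))
        elif secs != peer_seconds:
            findings.append((selector, f"{secs}s here vs {peer_seconds}s on the peer"))
    return findings

if __name__ == "__main__":
    for selector, problem in check_against_peer(SAMPLE_CONF, 60 * 60):
        print(f"sainfo {selector}: {problem}")
```

Only explicit lifetime statements are compared; the script makes no claim about what racoon's built-in default is.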


