I do have a dynamic ip but have set the tunnels with dyndns. Verified the ip thats in the logs to make sure it matches the current ip.
On Sat, Jul 17, 2010 at 9:43 AM, Jesse Vollmar <[email protected]> wrote: > On Sat, Jul 17, 2010 at 10:09 AM, Paul Peziol <[email protected]>wrote: > >> Have a site-site tunnel between home and work. Had issues getting the >> tunnels to work initially. Once they were up they were stable for a few >> weeks. Rebooted the home router this morning and the tunnel does not come >> back up. Went into IPSEC and re-saved the tunnels and still does not come >> up. Get this error >> >> ERROR: phase2 negotiation failed due to time up waiting for phase1 >> >> Jul 17 09:01:11 racoon: *[]*: INFO: initiate new phase 1 negotiation: >> HOME WAN[500]<=>OFFICE WAN[500] Jul 17 09:01:11 racoon: INFO: begin >> Aggressive mode. Jul 17 09:01:36 racoon: INFO: request for establishing >> IPsec-SA was queued due to no phase1 found. Jul 17 09:01:44 racoon: *[]*: >> ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP >> OFFICE WAN[0]->HOME WAN[0] Jul 17 09:01:44 racoon: INFO: delete phase 2 >> handler. Jul 17 09:02:01 racoon: ERROR: phase1 negotiation failed due to >> time up. dd42e11e42fc3dcb:0000000000000000 >> Puzzled why it would work until a reboot. IPSEC status shows *No IPsec >> security associations.* >> I tried to delete the tunnels under SPD, resave the ipsec settings. The >> spd gets recreated but still no tunnel and the above messages. >> * >> >> * > > You say between home and work. Is it possible that you have a dynamic IP at > home and a reboot of your modem pulled down a new IP address? This could > potentially have disrupted the IPSec tunnel. > >
