Verified the settings. The fact that a reboot knocked out the tunnel is a little disconcerting. I can go change the encryption to see. Here are the current settings.

Phase1 Aggressive Identifier- My IP 3DES SHA1 MD5 DH2 Key Life 28800 PSK - ******
Phase2 3DES SHA1 PFS- Off Key Life 86400 Keep Alive remote lan ip

Is there a difference between SHA1 and MD5, or an advantage to using Blowfish for encryption?

On Sat, Jul 17, 2010 at 12:20 PM, Jacob Ruppal <jrup...@gmail.com> wrote:

> On Sat, Jul 17, 2010 at 10:55 AM, Paul Peziol <joyride...@gmail.com> wrote:
>
>> I do have a dynamic ip but have set the tunnels with dyndns. Verified the
>> ip that's in the logs to make sure it matches the current ip.
>
> It's looking like it is not even getting past phase 1 negotiation with the
> other site. You might have done this already, but make sure that
> your negotiation modes (aggressive or main) match on both devices, and that
> the other settings like your DH key group, encryption algorithm, and hash
> algorithm match as well.
>
>> On Sat, Jul 17, 2010 at 9:43 AM, Jesse Vollmar <vollm...@gmail.com> wrote:
>>
>>> On Sat, Jul 17, 2010 at 10:09 AM, Paul Peziol <joyride...@gmail.com> wrote:
>>>
>>>> Have a site-site tunnel between home and work. Had issues getting the
>>>> tunnels to work initially. Once they were up they were stable for a few
>>>> weeks. Rebooted the home router this morning and the tunnel does not come
>>>> back up. Went into IPSEC and re-saved the tunnels and still does not come
>>>> up. Get this error
>>>>
>>>> ERROR: phase2 negotiation failed due to time up waiting for phase1
>>>>
>>>> Jul 17 09:01:11 racoon: *[]*: INFO: initiate new phase 1 negotiation: HOME WAN[500]<=>OFFICE WAN[500]
>>>> Jul 17 09:01:11 racoon: INFO: begin Aggressive mode.
>>>> Jul 17 09:01:36 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
>>>> Jul 17 09:01:44 racoon: *[]*: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP OFFICE WAN[0]->HOME WAN[0]
>>>> Jul 17 09:01:44 racoon: INFO: delete phase 2 handler.
>>>> Jul 17 09:02:01 racoon: ERROR: phase1 negotiation failed due to time up. dd42e11e42fc3dcb:0000000000000000
>>>>
>>>> Puzzled why it would work until a reboot. IPSEC status shows *No IPsec
>>>> security associations.*
>>>> I tried to delete the tunnels under SPD, resave the ipsec settings. The
>>>> spd gets recreated but still no tunnel and the above messages.
>>>
>>> You say between home and work. Is it possible that you have a dynamic IP
>>> at home and a reboot of your modem pulled down a new IP address? This could
>>> potentially have disrupted the IPSec tunnel.
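
A small triage script for the racoon log quoted in this thread, added here as an example and not part of the original messages. It reads the cookie pair printed on the phase 1 timeout line (initiator:responder): an all-zero responder cookie means racoon never recorded a reply from the peer, which is worth knowing before comparing proposals. The function name and result fields are this example's own.

```python
import re

# Log lines as quoted in the thread (HOME WAN / OFFICE WAN are the poster's placeholders).
SAMPLE_LOG = """\
Jul 17 09:01:11 racoon: *[]*: INFO: initiate new phase 1 negotiation: HOME WAN[500]<=>OFFICE WAN[500]
Jul 17 09:01:11 racoon: INFO: begin Aggressive mode.
Jul 17 09:01:36 racoon: INFO: request for establishing IPsec-SA was queued due to no phase1 found.
Jul 17 09:01:44 racoon: *[]*: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP OFFICE WAN[0]->HOME WAN[0]
Jul 17 09:01:44 racoon: INFO: delete phase 2 handler.
Jul 17 09:02:01 racoon: ERROR: phase1 negotiation failed due to time up. dd42e11e42fc3dcb:0000000000000000
"""

# "<timestamp> racoon: [optional tag:] LEVEL: message"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) racoon: (?:\S+: )?(?P<level>INFO|ERROR): (?P<msg>.*)$")
# racoon prints the ISAKMP cookie pair as initiator:responder (16 hex digits each).
COOKIES = re.compile(r"\b([0-9a-f]{16}):([0-9a-f]{16})\b")


def diagnose(log_text):
    """Summarise phase 1 / phase 2 timeouts found in racoon log text."""
    result = {"mode": None, "phase1_timeouts": [],
              "phase2_waiting_on_phase1": 0, "no_reply_recorded": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        mode = re.match(r"begin (.+) mode\.", msg)
        if mode:
            result["mode"] = mode.group(1)
        elif "phase2 negotiation failed due to time up waiting for phase1" in msg:
            # Secondary symptom: phase 2 cannot start without a phase 1 SA.
            result["phase2_waiting_on_phase1"] += 1
        elif "phase1 negotiation failed due to time up" in msg:
            pair = COOKIES.search(msg)
            if pair:
                result["phase1_timeouts"].append((m["ts"], pair.group(1), pair.group(2)))
                # All-zero responder cookie: no reply from the peer was recorded.
                if int(pair.group(2), 16) == 0:
                    result["no_reply_recorded"] = True
    return result


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```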