SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  IPSec VPN not stable- connection keeps dropping out

    Posted 05-24-2017 01:24

    Hi,

     

    I set up a VPN tunnel between a Juniper SRX-240 and a FlexGW-strongSwan machine. The tunnel comes up for a certain time, then the connection drops while rekeying.

    I tried to debug the IKE logs and found the following error:

     


    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Soft life timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Using existing ike SA 6325486 for gateway GTW1
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] IPSec rekey initiated for sa_cfg vpn1 with inbound spi 0x955ebd3
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] ikev2_packet_allocate: Allocated packet dabc00 from freelist
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [dabc00/1015000] Stored packet into window 1225f00
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] ssh_ikev2_ipsec_send: Started IPsec SA creation y.y.y.y;500
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_pm_ipsec_spi_allocate: local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Added (spi=0xa915c676, protocol=0) entry to the spi table
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_dh_get_group: DH Group 2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_dh_generate_sync: Requested DH group 2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] iked_dh_generate_sync: Generated DH keys using hardware for DH group 2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [7195]
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Construction NHTB payload for local:x.x.x.x, remote:y.y.y.y IKEv2 P1 SA index 6325486 sa-cfg vpn1
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] Peer router vendor is not Juniper. Not sending NHTB payload for sa-cfg vpn1
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:37:57][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:38:07][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:38:17][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:20][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:20][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:20][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:20][x.x.x.x <-> y.y.y.y] Using existing ike SA 6325486 for gateway GTW1
    [May 24 08:38:20][x.x.x.x <-> y.y.y.y] Already another negotiation is in progress for sa_cfg vpn1
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:38:27][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:30][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:30][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:30][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:30][x.x.x.x <-> y.y.y.y] Using existing ike SA 6325486 for gateway GTW1
    [May 24 08:38:30][x.x.x.x <-> y.y.y.y] Already another negotiation is in progress for sa_cfg vpn1
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:38:37][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:40][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:40][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:40][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:40][x.x.x.x <-> y.y.y.y] Using existing ike SA 6325486 for gateway GTW1
    [May 24 08:38:40][x.x.x.x <-> y.y.y.y] Already another negotiation is in progress for sa_cfg vpn1
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
    [May 24 08:38:47][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:38:50][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:50][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:50][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:50][x.x.x.x <-> y.y.y.y] Using existing ike SA 6325486 for gateway GTW1
    [May 24 08:38:50][x.x.x.x <-> y.y.y.y] Already another negotiation is in progress for sa_cfg vpn1
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Rekey in progress (flag 0x11e). Not initiating rekey for spi 0x955ebd3
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Starting rekey retry timer for spi 0x955ebd3 in 10 seconds
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] ikev2_xmit_error: [dabc00/1015000] Transmit error
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] IPSec negotiation failed for SA-CFG vpn1 for local:x.x.x.x, remote:y.y.y.y IKEv2. status: Timed out
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] P2 ed info: flags 0x82, P2 error: Error ok
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] IPSec SA done callback. ed 1161028. status: Timed out
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] IPSec SA done callback with sa-cfg NULL in p2_ed. status: Timed out
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] ikev2_packet_done: [dabc00/1015000] Not destroyed; running to end state and terminating there.
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] ikev2_packet_done: [dafc00/1015000] Destroyed already. Thread completed. Freeing now.
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] IKE SA delete called for p1 sa 6325486 (ref cnt 1) local:x.x.x.x, remote:y.y.y.y, IKEv2
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] P1 SA 6325486 stop timer. timer duration 28800, reason 2.
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Freeing all P2 SAs for IKEv2 p1 SA 6325486
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] kmd_sa_cfg_children_sa_free: processing SA vpn1
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Freeing the SA spi=0x955ebd3, proto=ESP
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted (spi=0x955ebd3, protocol=ESP dst=x.x.x.x) entry from the peer hash table. Reason: P1 SA deleted
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] NHTB entry not found. Not deleting NHTB entry
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] In iked_ipsec_sa_pair_delete Deleting GENCFG msg with key; Tunnel = 131079;SPI-In = 0x955ebd3
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted SA pair for tunnel = 131079 with SPI-In = 0x955ebd3 to kernel
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleting phase 2 blob for key tunnel id 20007, spi 955ebd3
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted the blob requested
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_is_anchoring_instance sa_dist_id=0, self_dist_id=255
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_deactivate_bind_interface: No more NHTB entries are active for st0.11. Bringing down the interface
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] kmd_update_tunnel_interface: update ifl st0.11 status DOWN for sa_cfg vpn1
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted (spi=0x955ebd3, protocol=ESP) entry from the inbound sa spi hash table
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Freeing the SA spi=0xc1d5a864, proto=ESP
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Out bound SA. Not sending notification
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted (spi=0xc1d5a864, protocol=ESP dst=y.y.y.y) entry from the peer hash table. Reason: P1 SA deleted
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_peer_remove_sa_cfg_entry: remove sa_cfg tunnel_id entry 131079 from peer entry 0xec5100
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted the blob requested
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] Deleted the blob requested
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_pm_p1_sa_destroy: p1 sa 6325486 (ref cnt 0), waiting_for_del 0x0
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_peer_remove_p1sa_entry: Remove p1 sa 6325486 from peer entry 0xec5100
    [May 24 08:38:57][x.x.x.x <-> y.y.y.y] iked_peer_entry_patricia_delete:Peer entry 0xec5100 deleted for local x.x.x.x:500 and remote y.y.y.y:500
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Triggering negotiation for vpn1 config block
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: non-natt case for gateway GTW1, lookup peer entry from local_port=0, remote_port=500.
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_create_peer_entry: Created peer entry 0xdddc00 for local x.x.x.x:500 remote y.y.y.y:500
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_fetch_or_create_peer_entry: Create peer entry 0xdddc00 for local x.x.x.x:500 remote y.y.y.y:500. gw GTW1, VR id 0
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_pm_trigger_callback: FOUND non-natt peer entry for gateway GTW1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Initiating new P1 SA for gateway GTW1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] P1 SA 6325537 start timer. timer duration 30, reason 1.
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_peer_insert_p1sa_entry: Insert p1 sa 6325537 in peer entry 0xdddc00
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_allocate: Allocated packet dab400 from freelist
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [dab400/e09000] Stored packet into window 122ba00
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ssh_ikev2_ipsec_send: Started IPsec SA creation y.y.y.y;500
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] IKE SA fill called for negotiation of local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_dh_get_group: DH Group 2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_dh_generate_sync: Requested DH group 2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_dh_generate_sync: Generated DH keys using hardware for DH group 2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_generate_async: DH Generate Secs [0] USecs [4946]
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_generate_async: Generated DH using hardware
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dab400/e09000] Sending packet using VR id 0
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_st_forward: [da3400/e09000] R: IKE SA REFCNT: 3
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Received Unauthenticated notification payload Multiple auth supported from local:x.x.x.x remote:y.y.y.y IKEv2 for P1 SA 6325537
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_decode_packet: [da3400/e09000] Updating responder IKE SPI to IKE SA e09000 I 8c53590a 6ec75217 R ab725c1d 19f0e76d
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_decode_packet: [da3400/e09000] Received packet: HDR, SA, KE, Nonce, N(MULTIPLE_AUTH_SUPPORTED)
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da3400/e09000] STOP-RETRANSMIT: Response to request dab400 with m-id 0
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da3400/e09000] Stored packet into window 122ca60
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_allocate: Allocated packet da0800 from freelist
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da0800/e09000] Stored packet into window 122ba00
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_dh_get_group: DH Group 2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_dh_compute_synch: Requested DH group 2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_final_async: DH Compute Secs [0] USecs [4732]
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] juniper_dlp_diffie_hellman_final_async: Computed DH using hardware
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_pm_ipsec_spi_allocate: local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Added (spi=0x3d40bddc, protocol=0) entry to the spi table
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Ignoring notification of type 16404
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Ignoring notification of type 16404
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_pm_ike_spd_notify_request: Sending Initial contact
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Sending IKE window size notification for IKE SA of size 1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Construction NHTB payload for local:x.x.x.x, remote:y.y.y.y IKEv2 P1 SA index 6325537 sa-cfg vpn1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Peer router vendor is not Juniper. Not sending NHTB payload for sa-cfg vpn1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [da0800/e09000] Sending packet using VR id 0
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_st_send: Registering timeout at 10000 (10.0)
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_st_forward: [da6000/e09000] R: IKE SA REFCNT: 3
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_packet_done: [da3400/0] Destroyed already. Thread completed. Freeing now.
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da6000/e09000] STOP-RETRANSMIT: Response to request da0800 with m-id 1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da6000/e09000] Stored packet into window 122ca60
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Received Unauthenticated notification payload unknown from local:x.x.x.x remote:y.y.y.y IKEv2 for P1 SA 6325537
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_decode_packet: [da6000/e09000] Received packet: HDR, IDr, AUTH, SA, TSi, TSr, N(RESERVED)
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_pm_ipsec_sa_install: local:x.x.x.x, remote:y.y.y.y IKEv2 for SA-CFG vpn1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Parsing notification payload for local:x.x.x.x, remote:y.y.y.y IKEv2
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Ignoring notification of type 16403
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Ignoring notification of type 16404
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Setting lifetime 3600 and lifesize 0 for IPSec SA
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Creating a SA spi=0x3d40bddc, proto=ESP pair_index = 1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Added (spi=0x3d40bddc, protocol=ESP dst=x.x.x.x) entry to the peer hash table
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_peer_insert_sa_cfg_entry: insert sa_cfg tunnel_id entry 131079 into peer entry 0xdddc00
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Creating a SA spi=0xcbd4ba12, proto=ESP pair_index = 1
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Added (spi=0xcbd4ba12, protocol=ESP dst=y.y.y.y) entry to the peer hash table
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] iked_nhtb_update_on_sa_create: Interface st0.11 is P2P for sa_cfg vpn1. Thus ignoring NHTB notification message
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Hardlife timer started for inbound vpn1 with 3600 seconds/0 kilobytes
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] Softlife timer started for inbound vpn1 with 2981 seconds/0 kilobytes
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_sa_bundle
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] vpn1 : VPN Monitor Interval=0(0) Optimized=0(0)
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] SA bundle remote gateway: IP y.y.y.y chosen
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] SA bundle local gateway: IP x.x.x.x chosen
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_ipsec_ipc_sa_pair
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_ipc_sa_keys
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_ipc_sa_keys
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_ipc_sa_keys
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] In iked_fill_ipc_sa_keys
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] ----------------Voyager ipsec SA BUNDLE-------------------
    [May 24 08:39:00][x.x.x.x <-> y.y.y.y] SA pair update request for:
    Tunnel index: 131079


    Do you have any clue regarding this error?

    How can I resolve the problem and make the VPN tunnel stable?

     

    Regards,

    TF



  • 2.  RE: IPSec VPN not stable- connection keeps dropping out

    Posted 05-28-2017 05:28

    From the logs it looks like the SRX is not getting a response to the rekey request.

     

    Can you confirm that the lifetime is the same on both the SRX and StrongSwan for both phase 1 and phase 2?
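
The following is an added example, not code from either poster or from Juniper: a small Python analyser that reads iked trace lines in the `[Mon DD HH:MM:SS][local <-> remote] message` format quoted in the original post and correlates each "IPSec rekey initiated" event with the request packet it sends, how many times that packet was retransmitted, whether a `STOP-RETRANSMIT: Response to request` ever arrived for it, and how the rekey ended. It also collects the hard/soft lifetimes the SRX logs when a child SA is installed, which is the number to compare against the strongSwan side for the check the reply asks about. The sample log is a constructed, condensed subset of the lines in the post; the message patterns are taken from those lines and nothing beyond them is assumed.

```python
"""Added example (not from the post): flag IKEv2 IPsec rekeys that the peer never answers,
using only the [Mon DD HH:MM:SS][local <-> remote] message format of the iked trace above."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Constructed sample: a condensed subset of the trace lines quoted in the post.
SAMPLE_LOG = """\
[May 24 08:37:57][x.x.x.x <-> y.y.y.y] IPSec rekey initiated for sa_cfg vpn1 with inbound spi 0x955ebd3
[May 24 08:37:57][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:07][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:07][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:17][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:17][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:27][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:27][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:37][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:37][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:47][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:47][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dabc00/1015000] Sending packet using VR id 0
[May 24 08:38:57][x.x.x.x <-> y.y.y.y] Retry rekey timer expired for inbound vpn1 with spi 0x955ebd3
[May 24 08:38:57][x.x.x.x <-> y.y.y.y] ikev2_xmit_error: [dabc00/1015000] Transmit error
[May 24 08:38:57][x.x.x.x <-> y.y.y.y] IPSec negotiation failed for SA-CFG vpn1 for local:x.x.x.x, remote:y.y.y.y IKEv2. status: Timed out
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [dab400/e09000] Sending packet using VR id 0
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da3400/e09000] STOP-RETRANSMIT: Response to request dab400 with m-id 0
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_send_packet: [da0800/e09000] Sending packet using VR id 0
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] ikev2_udp_window_update: [da6000/e09000] STOP-RETRANSMIT: Response to request da0800 with m-id 1
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] Hardlife timer started for inbound vpn1 with 3600 seconds/0 kilobytes
[May 24 08:39:00][x.x.x.x <-> y.y.y.y] Softlife timer started for inbound vpn1 with 2981 seconds/0 kilobytes
"""

LINE = re.compile(r"^\[(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\]\[[^\]]+\] (?P<msg>.*)$")
PATTERNS = {
    "rekey":    re.compile(r"IPSec rekey initiated for sa_cfg (?P<vpn>\S+) with inbound spi (?P<spi>0x[0-9a-f]+)"),
    "retry":    re.compile(r"Retry rekey timer expired for inbound \S+ with spi (?P<spi>0x[0-9a-f]+)"),
    "send":     re.compile(r"ikev2_udp_send_packet: \[(?P<pkt>[0-9a-f]+)/(?P<sa>[0-9a-f]+)\] Sending packet"),
    "reply":    re.compile(r"STOP-RETRANSMIT: Response to request (?P<pkt>[0-9a-f]+)"),
    "xmit_err": re.compile(r"ikev2_xmit_error: \[(?P<pkt>[0-9a-f]+)/"),
    "failed":   re.compile(r"IPSec negotiation failed for SA-CFG (?P<vpn>\S+) .*status: (?P<status>.+)$"),
    "life":     re.compile(r"(?P<kind>Hardlife|Softlife) timer started for inbound (?P<vpn>\S+) with (?P<secs>\d+) seconds"),
}

@dataclass
class Rekey:
    vpn: str
    spi: str                          # inbound SPI of the child SA being rekeyed
    started: datetime
    retries: int = 0                  # "Retry rekey timer expired" lines seen for this SPI
    pkt: Optional[str] = None         # id of the request packet carrying the rekey (CREATE_CHILD_SA)
    status: Optional[str] = None      # set from "IPSec negotiation failed ... status: X"
    elapsed_s: Optional[int] = None

def parse(log: str):
    """Walk the trace once; tie each rekey to the request packet it sends and to its fate."""
    requests: Dict[str, dict] = {}    # pkt id -> ike_sa / sends / answered / xmit_error
    rekeys: List[Rekey] = []
    lifetimes: Dict[str, Dict[str, int]] = {}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = datetime.strptime(m["ts"], "%b %d %H:%M:%S"), m["msg"]
        for kind, pat in PATTERNS.items():
            e = pat.search(msg)
            if e:
                break
        else:
            continue                                   # line carries nothing we track
        cur = next((r for r in reversed(rekeys) if r.status is None), None)   # rekey still in flight
        if kind == "rekey":
            rekeys.append(Rekey(e["vpn"], e["spi"], ts))
        elif kind == "retry" and cur and cur.spi == e["spi"]:
            cur.retries += 1
        elif kind == "send":
            req = requests.setdefault(e["pkt"], {"ike_sa": e["sa"], "sends": 0, "answered": False, "xmit_error": False})
            req["sends"] += 1
            if cur and cur.pkt is None:                # first packet out after "rekey initiated" is the rekey request
                cur.pkt = e["pkt"]
        elif kind in ("reply", "xmit_err") and e["pkt"] in requests:
            requests[e["pkt"]]["answered" if kind == "reply" else "xmit_error"] = True
        elif kind == "failed" and cur and cur.vpn == e["vpn"]:
            cur.status = e["status"].strip()
            cur.elapsed_s = int((ts - cur.started).total_seconds())
        elif kind == "life":
            lifetimes.setdefault(e["vpn"], {})[e["kind"].lower()] = int(e["secs"])
    return rekeys, requests, lifetimes

def diagnose(log: str) -> dict:
    """Summarise unanswered rekeys, the request packets the peer did answer, and the SA lifetimes seen."""
    rekeys, requests, lifetimes = parse(log)
    out = {"rekeys": [], "answered": sorted(p for p, q in requests.items() if q["answered"]), "lifetimes": lifetimes}
    for r in rekeys:
        req = requests.get(r.pkt, {})
        out["rekeys"].append({
            "vpn": r.vpn, "spi": r.spi, "status": r.status, "elapsed_s": r.elapsed_s, "retries": r.retries,
            "sends": req.get("sends", 0), "answered": req.get("answered", False),
            "verdict": ("peer never answered the rekey request (CREATE_CHILD_SA) on IKE SA %s" % req.get("ike_sa")
                        if req and not req["answered"] and r.status else "ok"),
        })
    return out

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the sample this reports one rekey of SPI 0x955ebd3 whose request packet was sent six times over 60 seconds with no response before the SRX gave up with "Timed out", while the fresh IKE_SA_INIT and IKE_AUTH requests sent three seconds later were answered immediately, so the peer is reachable but is not responding to the rekey on the existing IKE SA. The `lifetimes` entry gives the hard lifetime (3600 s) and the soft lifetime at which the SRX starts rekeying, which is what to set against the strongSwan configuration when checking that both ends agree.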