IPSec sa negotiation loop

  • 1.  IPSec sa negotiation loop

    Posted 03-16-2022 05:33
    Hi,

    I am setting up multiple IPsec tunnels between an SRX300 and a customer's third-party device. The tunnels come up for a few seconds only before getting the following error:

    Mar 16 10:59:25 fw1 kmd[2029]: IPSec sa negotiation loop detected for peer_ip=5.6.7.8, local_ip=1.2.3.4 ; rejecting the negotiation
    Mar 16 10:59:25 fw1 kmd[2029]: IPSec negotiation failed with error: Internal Error: IPSec SA installation failed. IKE Version: 2, VPN: syd-vpn Gateway: syd-gateway, Local: 1.2.3.4/500, Remote: 5.6.7.8/500, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, VR-ID: 0
    Mar 16 10:59:25 fw1 kmd[2029]: KMD_VPN_DOWN_ALARM_USER: VPN syd-vpn from 5.6.7.8 is down. Local-ip: 1.2.3.4, gateway name: syd-gateway, vpn name: syd-vpn, tunnel-id: 131080, local tunnel-if: st0.7, remote tunnel-ip: Not-Available, Local IKE-ID: 1.2.3.4, Remote IKE-ID: 5.6.7.8, AAA username: Not-Applicable, VR id: 0, Traffic-selector: , Traffic-selector local ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), Traffic-selector remote ID: ipv4_subnet(any:0,[0..7]=0.0.0.0/0), SA Type: Static, Reason: IPSec SAs cleared as corresponding IKE SA deleted

    I have not been able to find any mention of the "IPSec sa negotiation loop detected" error and am not sure where to look from here.
    Any help would be greatly appreciated.

    ------------------------------
    Michael M
    ------------------------------