SRX

 View Only
last person joined: 16 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

[SRX240H2] IKEv1 Error : Out of memory

  • 1.  [SRX240H2] IKEv1 Error : Out of memory

    Posted 04-06-2022 19:00
    Hi fellows,
    we've [1] SRX240H2 (Responder) and [n] SRX110H2-VA.
    When the SRX110's try to initiate the VPN, we get on the SRX240 the below shown log entry (for each SRX110).
    We haven't changed anything, the VPN's have been working fine.
    Any ideas / help ?
    I appreciate your support and/or hints.
    Best regards

    [Apr  6 17:22:59]ikev2_packet_allocate: Allocated packet e4a800 from freelist
    [Apr  6 17:22:59]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
    [Apr  6 17:22:59]ike_get_sa: Start, SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - 00000000 00000000 } / 00000000, remote = 9.9.9.9:500
    [Apr  6 17:22:59]ike_sa_allocate: Start, SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - 1299f47d c97be990 }
    [Apr  6 17:22:59]ike_init_isakmp_sa: Start, remote = 9.9.9.9:500, initiator = 0
    [Apr  6 17:22:59]ike_decode_packet: Start
    [Apr  6 17:22:59]ike_decode_packet: Start, SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d} / 00000000, nego = -1
    [Apr  6 17:22:59]ike_decode_payload_sa: Start
    [Apr  6 17:22:59]ike_decode_payload_t: Start, # trans = 1
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY1 alphaAB1 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY2 alphaAB2 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY3 alphaAB3 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY4 alphaAB4 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY5 alphaAB5 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY6 alphaAB6 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY7 alphaAB7 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..16] = alphaXY8 alphaAB8 ...
    [Apr  6 17:22:59]ike_st_i_vid: VID[0..28] = alphaXY9 alphaAB9 ...
    [Apr  6 17:22:59]ike_st_i_id: Start
    [Apr  6 17:22:59]ike_st_i_sa_proposal: Start
    [Apr  6 17:22:59]ike_free_id_payload: Start, id type = 9
    [Apr  6 17:22:59]Gateway hub-to-spoke-gw: number of connections=0, limit=2147483647
    [Apr  6 17:22:59]ike_isakmp_sa_reply: Start
    [Apr  6 17:22:59]ike_state_restart_packet: Start, restart packet SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d}, nego = -1
    [Apr  6 17:22:59]ike_st_i_sa_proposal: Start
    [Apr  6 17:22:59]ike_st_i_nonce: Start, nonce[0..16] = t7hj8kf346h 4gn457jd34 ...
    [Apr  6 17:22:59]ike_st_i_cert: Start
    [Apr  6 17:22:59]ike_st_i_hash_key: Start, no key_hash
    [Apr  6 17:22:59]ike_st_i_ke: Ke[0..256] = s1a6n7t8i9z3e2d s8a4n3t2i6z7e3d ...
    [Apr  6 17:22:59]ike_st_i_cr: Start
    [Apr  6 17:22:59]ike_st_i_private: Start
    [Apr  6 17:22:59]ike_st_o_sa_values: Start
    [Apr  6 17:22:59]ike_st_o_ke: Start
    [Apr  6 17:22:59]ike_st_o_nonce: Start
    [Apr  6 17:22:59]ike_policy_reply_isakmp_nonce_data_len: Start
    [Apr  6 17:22:59]ike_st_o_id: Start
    [Apr  6 17:22:59]IKED-PKID-IPC Failed to delete cert chain patricia node 
    [Apr  6 17:22:59]ikev2_fb_id_request_cb: Local identity was not found (neg e96000)
    [Apr  6 17:22:59]ike_policy_reply_isakmp_id: Start
    [Apr  6 17:22:59]ike_policy_reply_isakmp_id: Policy manager returned NULL for local end identity for isakmp SA
    [Apr  6 17:22:59]ike_state_restart_packet: Start, restart packet SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d}, nego = -1
    [Apr  6 17:22:59]3.3.3.3:500 (Responder) <-> 9.9.9.9:500 { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d [-1] / 0x00000000 } Aggr; Error = Out of memory (8202)
    [Apr  6 17:22:59]ike_send_notify: Private notification, do not send notification
    [Apr  6 17:22:59]ike_delete_negotiation: Start, SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d}, nego = -1
    [Apr  6 17:22:59]ssh_ike_tunnel_table_entry_delete: Deleting tunnel_id: 0 from IKE tunnel table
    [Apr  6 17:22:59]ssh_ike_tunnel_table_entry_delete: The tunnel id: 0 doesn't exist in IKE tunnel table
    [Apr  6 17:22:59]ike_sa_delete: Start, SA = { s7a7n7t7i7z7e7d s8a8n8t8i8z8e8d - s4a4n4t4i4z4e4d s5a5n5t5i5z5e5d }
    [Apr  6 17:22:59]ike_free_negotiation_isakmp: Start, nego = -1
    [Apr  6 17:22:59]ike_free_negotiation: Start, nego = -1
    [Apr  6 17:22:59]IKE SA delete called for p1 sa 8527419 (ref cnt 2) local:3.3.3.3, remote:9.9.9.9, IKEv1 
    [Apr  6 17:22:59]P1 SA 8527419 reference count is not zero (1). Delaying deletion of SA
    [Apr  6 17:22:59]ike_free_id_payload: Start, id type = 9
    [Apr  6 17:22:59]ike_free_sa: Start
    [Apr  6 17:22:59]iked_pm_ike_sa_done: UNUSABLE p1_sa 8527419
    [Apr  6 17:22:59]  IKEv1 Error : Out of memory
    [Apr  6 17:22:59]iked_pm_p1_sa_destroy:  p1 sa 8527419 (ref cnt 0), waiting_for_del 0x1ce4796​


    ------------------------------
    Deniz Dersim
    ------------------------------