IPSec fault Occurred in USG5300 Firewall

Publication Date: 2013-01-23
Issue Description
As shown in the figure, network A and network B connect to the Internet through USG5300 A and USG5300 B respectively. The network environment is as follows:

Network A is on the network segment of 10.1.1.0/24. This network connects to USG5300 A through GigabitEthernet 0/0/1.
Network B is on the network segment of 10.1.2.0/24. This network connects to USG5300 B through GigabitEthernet 0/0/1.
Routes between USG5300 A and USG5300 B are available.

But pay attention: I used an ADSL modem instead of a router.


Alarm Information
0.814683 USG5300A %%01IKE/7/DEBUG(d): handle timer expirations: event ike_nat_keep_alive(0)
0.814800 USG5300A %%01IKE/7/DEBUG(d): add timer event: event ike_nat_keep_alive(0) added before exchange_error_free_aux(57197664)
0.817683 USG5300A %%01IKE/7/DEBUG(d): handle timer expirations: event message_send(571f3284)
0.817800 USG5300A %%01IKE/7/DEBUG(d): message_send: message 571f3284
0.817883 USG5300A %%01IKE/7/DEBUG(d):   ICOOKIE: 0x542075f7b0a153ae
0.817966 USG5300A %%01IKE/7/DEBUG(d):   RCOOKIE: 0x0000000000000000
0.818050 USG5300A %%01IKE/7/DEBUG(d):   NEXT_PAYLOAD: SA
0.818116 USG5300A %%01IKE/7/DEBUG(d):   VERSION: 16
0.818183 USG5300A %%01IKE/7/DEBUG(d):   EXCH_TYPE: AGGRESSIVE
0.818250 USG5300A %%01IKE/7/DEBUG(d):   FLAGS: [ ]
0.818316 USG5300A %%01IKE/7/DEBUG(d):   MESSAGE_ID: 0x00000000
0.818400 USG5300A %%01IKE/7/DEBUG(d):   LENGTH: 220
0.818466 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 0:
0.818533 USG5300A %%01IKE/7/DEBUG(d): 542075f7 b0a153ae 00000000 00000000 01100400 00000000 000000dc
0.818650 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 1:
0.818716 USG5300A %%01IKE/7/DEBUG(d): 04000038 00000001 00000001
0.818800 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 2:
0.818866 USG5300A %%01IKE/7/DEBUG(d): 0000002c 01010001
0.818933 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 3:
0.819000 USG5300A %%01IKE/7/DEBUG(d): 00000024 00010000 80010001 80020001 80030001 80040001 800b0001 000c0004
0.819133 USG5300A %%01IKE/7/DEBUG(d): 00015180
0.819200 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 4:
0.819283 USG5300A %%01IKE/7/DEBUG(d): 0a000064 abed6027 cf07238a 0355ca6d ac8b7891 f2ca5a6f 551cf6fa 839f270b
0.819416 USG5300A %%01IKE/7/DEBUG(d): f2df7d7d 5b5c1574 06bd156e 5c812e24 05bcc174 2bfd904f 3b46012d 4fbe5560
0.819550 USG5300A %%01IKE/7/DEBUG(d): a3f53752 4160cee5 86a54b4a fe5c0fec 7dbaa604 576eae6b e3f38b52 0579a619
0.819683 USG5300A %%01IKE/7/DEBUG(d): 461b6755
0.819750 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 5:
0.819816 USG5300A %%01IKE/7/DEBUG(d): 05000014 2bd39fc5 407f5583 77ccc1d3 b820d331
0.819916 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 6:
0.819983 USG5300A %%01IKE/7/DEBUG(d): 00000010 02000000 55534735 33303041
0.820066 USG5300A %%01IKE/7/DEBUG(d): transport 571f2ea4 sending message 571f3284 3 times.
0.820183 USG5300A %%01IKE/7/DEBUG(d): transport send messages: message 571f3284 scheduled for retranslate 4 in 13 seconds
0.820333 USG5300A %%01IKE/7/DEBUG(d): add timer event: event message_send(571f3284) added before ike_nat_keep_alive(0)
0.820683 USG5300A %%01IKE/7/DEBUG(d): Add message: type 5
0.820750 USG5300A %%01IKE/7/DEBUG(d): Add message: type 6
0.820816 USG5300A %%01IKE/7/DEBUG(d): Add message: type 10
0.820883 USG5300A %%01IKE/7/DEBUG(d): Add message: type 11
0.820950 USG5300A %%01IKE/7/DEBUG(d): Add message: type 23
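The "message dump" hex lines above are the wire bytes of the IKE message USG5300A kept sending, and the "transport" line records how many times it was sent. The following Python script is an added example, not part of this case or of the USG5300 software: it reassembles those dump lines (copied from the alarm output above), decodes the ISAKMP header and the payload chain, and reports what a troubleshooter wants to confirm from the log: the exchange is aggressive mode, the responder cookie is still all zeros (the peer never replied), and the first message was sent 3 times. Field layouts and the attribute tables follow RFC 2408/2409; the wording of diagnose() is my own.

```python
import re
import struct

# Debug lines copied from the "Alarm Information" section above.
DEBUG_LINES = """\
0.818466 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 0:
0.818533 USG5300A %%01IKE/7/DEBUG(d): 542075f7 b0a153ae 00000000 00000000 01100400 00000000 000000dc
0.818650 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 1:
0.818716 USG5300A %%01IKE/7/DEBUG(d): 04000038 00000001 00000001
0.818800 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 2:
0.818866 USG5300A %%01IKE/7/DEBUG(d): 0000002c 01010001
0.818933 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 3:
0.819000 USG5300A %%01IKE/7/DEBUG(d): 00000024 00010000 80010001 80020001 80030001 80040001 800b0001 000c0004
0.819133 USG5300A %%01IKE/7/DEBUG(d): 00015180
0.819200 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 4:
0.819283 USG5300A %%01IKE/7/DEBUG(d): 0a000064 abed6027 cf07238a 0355ca6d ac8b7891 f2ca5a6f 551cf6fa 839f270b
0.819416 USG5300A %%01IKE/7/DEBUG(d): f2df7d7d 5b5c1574 06bd156e 5c812e24 05bcc174 2bfd904f 3b46012d 4fbe5560
0.819550 USG5300A %%01IKE/7/DEBUG(d): a3f53752 4160cee5 86a54b4a fe5c0fec 7dbaa604 576eae6b e3f38b52 0579a619
0.819683 USG5300A %%01IKE/7/DEBUG(d): 461b6755
0.819750 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 5:
0.819816 USG5300A %%01IKE/7/DEBUG(d): 05000014 2bd39fc5 407f5583 77ccc1d3 b820d331
0.819916 USG5300A %%01IKE/7/DEBUG(d): message dump: iovec 6:
0.819983 USG5300A %%01IKE/7/DEBUG(d): 00000010 02000000 55534735 33303041
0.820066 USG5300A %%01IKE/7/DEBUG(d): transport 571f2ea4 sending message 571f3284 3 times.
"""

HEX_WORDS = re.compile(r"DEBUG\(d\):\s+((?:[0-9a-f]{8}\s*)+)$")
RETRANSMIT = re.compile(r"sending message [0-9a-f]+ (\d+) times")
# ISAKMP header (RFC 2408 3.1): I-cookie, R-cookie, next payload, version,
# exchange type, flags, message ID, total length = 28 bytes.
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")
EXCHANGE_TYPES = {2: "main mode", 4: "aggressive", 5: "informational"}
PAYLOAD_TYPES = {1: "SA", 4: "KE", 5: "ID", 10: "NONCE"}
# Phase 1 transform attribute classes (RFC 2409 appendix A).
ATTR_NAMES = {1: "encryption", 2: "hash", 3: "auth_method", 4: "dh_group",
              11: "life_type", 12: "life_duration"}


def reassemble(lines: str) -> bytes:
    """Join the hex words of every dump line back into the raw message bytes."""
    words = []
    for line in lines.splitlines():
        m = HEX_WORDS.search(line.strip())
        if m:
            words.extend(m.group(1).split())
    return bytes.fromhex("".join(words))


def walk_payloads(msg: bytes, first: int) -> list:
    """Follow the next-payload chain of generic payload headers after the ISAKMP header."""
    payloads, offset, ptype = [], ISAKMP_HEADER.size, first
    while ptype != 0 and offset + 4 <= len(msg):
        nxt, _reserved, length = struct.unpack_from("!BBH", msg, offset)
        payloads.append((ptype, msg[offset + 4:offset + length]))
        offset, ptype = offset + length, nxt
    return payloads


def parse_attributes(data: bytes) -> dict:
    """Decode transform attributes: TV form (high bit set) or TLV form."""
    attrs, off = {}, 0
    while off + 4 <= len(data):
        atype, alen = struct.unpack_from("!HH", data, off)
        if atype & 0x8000:
            value, off = alen, off + 4
        else:
            value = int.from_bytes(data[off + 4:off + 4 + alen], "big")
            off += 4 + alen
        attrs[ATTR_NAMES.get(atype & 0x7FFF, atype & 0x7FFF)] = value
    return attrs


def analyse(lines: str) -> dict:
    """Summarise the IKE message and its send count from the debug lines."""
    msg = reassemble(lines)
    _icookie, rcookie, nxt, _ver, exch, _flags, _msgid, length = ISAKMP_HEADER.unpack_from(msg)
    payloads = walk_payloads(msg, nxt)
    bodies = dict(payloads)
    sent = RETRANSMIT.search(lines)
    return {
        "length_ok": length == len(msg),
        "exchange": EXCHANGE_TYPES.get(exch, exch),
        "responder_cookie_zero": rcookie == bytes(8),
        "payloads": [PAYLOAD_TYPES.get(t, t) for t, _ in payloads],
        # SA body = DOI(4) + situation(4) + proposal hdr(8) + transform hdr(8) + attributes
        "phase1": parse_attributes(bodies[1][24:]),
        "dh_public_value_bits": len(bodies[4]) * 8,
        "local_id": bodies[5][4:].decode("ascii"),   # ID payload: type, proto, port, data
        "times_sent": int(sent.group(1)) if sent else 1,
    }


def diagnose(summary: dict) -> str:
    """State what the decoded message says about where the negotiation stopped."""
    if summary["responder_cookie_zero"] and summary["times_sent"] > 1:
        return ("phase 1 initiator message sent %d times with no reply (responder cookie "
                "still zero): the peer never answered, so check the path between the two "
                "gateways, in this case the NAT-ing ADSL modem" % summary["times_sent"])
    return "responder replied; the failure is later in the negotiation"
```

Calling analyse(DEBUG_LINES) on the lines above returns a 220-byte message that checks against its own LENGTH field, an aggressive-mode exchange carrying SA, KE, NONCE and ID payloads, an FQDN identity of USG5300A, and a Phase 1 proposal of DES, MD5, pre-shared key and the 768-bit MODP group with an 86400-second lifetime. That proposal is the other thing worth acting on once the tunnel is up: DES and MODP group 1 are deprecated for IKE and should be replaced with stronger settings on both firewalls.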
Handling Process
Replace the ADSL modem with a router or any other Layer 3 device.
Root Cause
The ADSL modem performs NAT, so traffic between the two firewalls is translated rather than simply routed.
Suggestions
No suggestions.
