IPsec Phase 2 Before Phase 1 On SA Renewal?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IPsec Phase 2 Before Phase 1 On SA Renewal?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPsec Phase 2 Before Phase 1 On SA Renewal?
IPsec Phase 2 Before Phase 1 On SA Renewal?
2021-01-02 01:32:31 - last edited 2021-04-18 10:19:13
Model: TL-R600VPN  
Hardware Version: V4
Firmware Version: 4.0.4 Build 20200313 Rel.41831

  I have my IPsec LAN-to-LAN setup and running. I have both sides set up identical (Proposal, Exchange Mode, DPD, SA Lifetimes, etc) with one side Initiator and the other Responder. I notice in the logs that the IPsec phase 2 appears to happen before start of negotiation and also phase 1. I assumed it would go: negotiation start, then phase 1 and then phase 2.

 

  Is this the way it is supposed to be (so tunnel doesn't go down completely before expiration or something else....?)?

 

Initiator side log:

10 2021-01-01 16:02:29 IPsec NOTICE WAN2: Phase 1 of IKE negotiation succeeded.
11 2021-01-01 16:02:28 IPsec NOTICE WAN2: IKE negotiation began in initiator mode. (Mode=Main Mode)
12 2021-01-01 16:02:28 IPsec WARNING WAN2: Lifetime of the SA created in phase 1 of IKE negotiation expired.
13 2021-01-01 16:02:14 IPsec NOTICE WAN2: Phase 2 of IKE negotiation succeeded.

 

 

And the Responder side log:

 

40 2021-01-01 16:02:29 IPsec NOTICE WAN1: Phase 1 of IKE negotiation succeeded.
41 2021-01-01 16:02:29 IPsec NOTICE WAN1: IKE negotiation began in responder mode. (Mode=Main Mode)
42 2021-01-01 16:02:14 IPsec NOTICE

WAN1: Phase 2 of IKE negotiation succeeded.

 

 

 

  0      
  0      
#1
Options

Information

Helpful: 0

Views: 1000

Replies: 0

Related Articles