VPN will no longer connect

Two offices have been using the FVS336G firewall/vpn for IPSEC VPN connections without problems.  Recently, one office was no longer able to connect via the VPN.  (The other office has other VPN connections that are working normally.)  Here is part of the VPN log:

2008-06-06 18:56:25: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:56:35: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 3771518e95b1db18:9d2a1c98dc760ad2
2008-06-06 18:56:35: INFO:  accept a request to establish IKE-SA: 64.81.39.172
2008-06-06 18:56:35: INFO:  Configuration found for 64.81.39.172.
2008-06-06 18:56:35: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 18:56:35: INFO:  Beginning Identity Protection mode.
2008-06-06 18:56:36: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 18:56:36: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:56:36: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 18:56:36: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:56:36: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 18:56:36: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 18:56:36: INFO:  NAT not detected
2008-06-06 18:56:56: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:57:06: ERROR:  Invalid SA protocol type: 0
2008-06-06 18:57:06: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1.
2008-06-06 18:57:06: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:57:16: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:57:25: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:57:36: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 75968224a8181bd9:f329cd2dcda02f15
2008-06-06 18:57:37: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 18:57:37: INFO:  Configuration found for 64.81.39.172.
2008-06-06 18:57:37: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 18:57:37: INFO:  Beginning Identity Protection mode.
2008-06-06 18:57:37: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 18:57:37: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:57:37: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 18:57:38: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:57:38: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 18:57:38: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 18:57:38: INFO:  NAT not detected
2008-06-06 18:57:48: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:57:58: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:58:08: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:58:08: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 18:58:18: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:58:28: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:58:38: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. efb5e93487dd399e:dcb718efc32d70c9
2008-06-06 18:59:16: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 18:59:16: INFO:  Configuration found for 64.81.39.172.
2008-06-06 18:59:16: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 18:59:16: INFO:  Beginning Identity Protection mode.
2008-06-06 18:59:16: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 18:59:16: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:59:16: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 18:59:16: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 18:59:16: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 18:59:16: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 18:59:16: INFO:  NAT not detected
2008-06-06 18:59:26: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:59:36: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:59:46: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 18:59:47: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 18:59:56: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:00:06: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:00:16: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 5f3afa34a94c8c2c:44e2a3195f5eec5a
2008-06-06 19:00:43: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:00:43: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:00:43: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 19:00:43: INFO:  Beginning Identity Protection mode.
2008-06-06 19:00:43: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 19:00:43: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:00:43: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 19:00:44: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:00:44: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 19:00:44: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 19:00:44: INFO:  NAT not detected
2008-06-06 19:00:54: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:01:04: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:01:13: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:01:14: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:01:23: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:01:26: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:01:26: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:01:34: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:01:44: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. a3916c3c39c9a294:facad45b5294ecbe
2008-06-06 19:01:57: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:02:29: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:02:29: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:02:29: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 19:02:29: INFO:  Beginning Identity Protection mode.
2008-06-06 19:02:29: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 19:02:29: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:02:29: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 19:02:30: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:02:30: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 19:02:30: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 19:02:30: INFO:  NAT not detected
2008-06-06 19:02:40: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:02:50: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:02:59: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:03:00: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:03:10: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:03:20: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:03:30: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 18d5d18ca4dd4579:1c76a0a74e37d55a
2008-06-06 19:03:44: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:03:44: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:03:44: INFO:  Initiating new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 19:03:44: INFO:  Beginning Identity Protection mode.
2008-06-06 19:03:44: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 19:03:44: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:03:44: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 19:03:45: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:03:45: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 19:03:45: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 19:03:45: INFO:  NAT not detected
2008-06-06 19:03:55: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:04:05: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:04:15: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:04:15: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:04:21: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:04:21: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:04:24: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:04:35: NOTIFY:  The packet is retransmitted by 64.81.39.172[500].
2008-06-06 19:04:45: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 280c4574813dee85:efae73afb9f692ac
2008-06-06 19:04:52: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:05:17: INFO:  Configuration found for 64.81.39.172[500].
2008-06-06 19:05:17: INFO:  Received request for new phase 1 negotiation: 63.194.4.141[500]<=>64.81.39.172[500]
2008-06-06 19:05:17: INFO:  Beginning Identity Protection mode.
2008-06-06 19:05:17: INFO:  Received Vendor ID: RFC XXXX
2008-06-06 19:05:17: INFO:  For 64.81.39.172[500], Selected NAT-T version: RFC XXXX
2008-06-06 19:05:18: INFO:  Received Vendor ID: KAME/racoon
2008-06-06 19:05:18: INFO:  NAT-D payload matches for 63.194.4.141[500]
2008-06-06 19:05:18: INFO:  NAT-D payload matches for 64.81.39.172[500]
2008-06-06 19:05:18: INFO:  NAT not detected
2008-06-06 19:05:18: INFO:  Received Malformed packet of payload length 27991 and total length 40.
2008-06-06 19:05:28: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:29: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:38: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:39: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:46: INFO:  Using IPsec SA configuration: 192.168.3.1/24<->192.168.1.1/24
2008-06-06 19:05:46: INFO:  Configuration found for 64.81.39.172.
2008-06-06 19:05:48: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:49: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:58: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:05:58: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:06:08: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:06:08: INFO:  Received Malformed packet of payload length 5539 and total length 40.
2008-06-06 19:06:17: ERROR:  Phase 2 negotiation failed due to time up waiting for phase1. ESP 64.81.39.172->63.194.4.141
2008-06-06 19:06:18: ERROR:  Phase 1 negotiation failed due to time up for 64.81.39.172[500]. 32ddc16e71046e7b:1b34fc7d7b15d31a


Other than replacing the second VPN box, does anyone have a clue as to what is wrong here?

Thanks.Start Free Trial