Netscreen VPN tunnel issues

I have a VPN tunnel which keeps dropping on one end I have a NS-5GT and on other end NS5XP
My system log show "Phase1 Retransmission limit has been reached"
Not much on google
any help would be great
Thank you
Who is Participating?
dpk_walConnect With a Mentor Commented:
>> Phase1 Retransmission limit has been reached
Indicates that the peers are not able to complete phase I of VPN negotiations; wither they are not able to reach other, for eg, if you have one end with dynamic IP and you have not used FQDN but static IP, when the IP would change the tunnel would drop.
Other option is that the pre-shared is not matching or any of the phase I option like encryption algorithm or deffie hellman group is in mismatch.

One other thing which is possible when your phase I key expires it cannot re-establish the connection and hence phase I and your VPN breaks.

Can you check when you start getting the phase I messages, do you loose internet connection at one of the sites, or if the IP address changes.

Please advice.

Thank you.
You can refer the following pdf document and i am sure you will be good to go,
On which you can go through the 'concepts & Examples' module.
Specifically in that module you can refer 'Volume 5 VPN > Site-to-site vpn'

Moreover you might want to check if you have the 'rekey' option enabled by which the tunnel wont be torn. Enable it on both the peers.
Go through the attached doc which talks about the 'Rekey & Optimization' options provided by netscreen. Its from the same document under 'Advanced VPN > VPN Monitoring' on page 242

Also if possible can you send across the configurations on both side so it will be easier to troubleshoot.


Following would be cli for enabling the rekey option in your phase II of an ipsec vpn,

C5GT-118-> set vpn vpn-1 monitor ?
optimized            optimize for scalability
rekey                trigger Rekey for autokey VPN
source-interface     send monitor message from
C5GT-118-> set vpn vpn-1 monitor

Let me know if this works out well.
dynndAuthor Commented:
great thanks
All Courses

From novice to tech pro — start learning today.