TechInNeedmm

asked on

Watchguard x55e - error messages

Firebox x55e and Firebox x10e

Unable to connect via MUVPN client to x55e.
There is a Manual VPN (site to site) setup and am able to check the logs on the x55e by connecting to the x10e via MUVPN.

Getting the following in the logs:

Feb 3 18:19:48 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed  
Feb 3 18:19:36 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed  
Feb 3 18:15:48 2008 kernel ipsec: Input SA changing state DYING or DEAD  
Feb 3 17:59:18 2008 iked Can't create Quick Mode IV!  
Feb 3 17:59:18 2008 iked Unable to initialize HASH: 1005  
      

Was able to connect via MUVPN 2 days ago to the x55e after performing a reboot of the firebox.

Why is this problem suddenly happening, and can someone shed some light on the above?

TIA
dpk_wal

Before any of the troubleshooting, I would request you to reboot the device (from system status page) and then when the device is back up, check if you are able to connect from the client.

>> Feb 3 18:15:48 2008 kernel ipsec: Input SA changing state DYING or DEAD  
>> Feb 3 17:59:18 2008 iked Can't create Quick Mode IV!  

Above errors indicate that the phase II of the VPN tunnel is not going through.

Please make sure that your x55e has MUVPN licenses; for some reason if the licenses do not appear then you would not be able to connect using the MUVPN client. You might need to add the license again if they do not appear.

If you see licenses shown in x55e then I would request you to regenerate the wgx file and then try from the client again.

I do not have a specific reason why this happened after you were able to connect, but one of the possible causes is improper shutdown of the box causing the config not to load properly [e.g., power adapter got pulled out and then someone put it back in].
Other reasons could be, while the config was saved some part of the config again could not be written properly, causing the problem.

Please check and update.

Thank you.
TechInNeedmm

ASKER

Thanks for explaining and being so detailed.
I have fixed this issue multiple times by simply doing what you suggested. That is, rebooting the device via the system status page.

I knew how to fix and resolve, but was wondering why it would happen if there was NO improper shutdown of the Firebox.

So the absolute proper way to reboot and shut down the device is to use the system status page and NEVER pull the plug?

A few days ago, I was offsite when contractors were installing an AC Unit in my server room. The plug may have been pulled. I have to confirm that.

I fixed by rebooting the device via the system status page and all was well. Then after 4-6 hrs, the MUVPN client could not connect again. I unplugged it, left it out for 5 mins and then plugged it back in, after which all was fine again. Then after a couple of hrs, it dropped again. A final reboot via the system status page caused it to connect again, but this time it has been up for about 5 days.

Just really inconsistent behaviour.

Also, when I connect with an MUVPN client and view the "Firebox Users" section and view the active sessions, I see my user (the MUVPN client) logged in and active, but under the license category, it says NO and all other active session entries state YES.

Please advise.
The connection dropped again and when the x10e was rebooted and it tries to auto connect the MANUAL VPN tunnel, the following is logged on the x55e:

Feb 3 18:19:48 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed

Again, a reboot of the x55e re-established the connection. I have opened a support ticket at WatchGuard again to see if they can provide some assistance.

This is getting quite frustrating.
ASKER CERTIFIED SOLUTION
dpk_wal

This solution is only available to members.

Both boxes have been upgraded to the latest firmware from day one.
8.6.2

A reset to factory defaults may be something I will have to consider if this persists.

I have had some suggestions on the WatchGuard internal forums and testing.

Thanks again for responding.
You are welcome. Would request to post your findings if you find any new workaround for the problem other than resetting the unit to factory defaults.