Watchguard x55e - error messages

Firebox x55e
and
Firebox x10e

Unable to connect via MUVPN client to x55e.
There is a Manual VPN (site to site) setup and am able to check the logs on the x55e by connecting to the x10e via MUVPN.

Getting the following in the logs:

Feb 3 18:19:48 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed  
Feb 3 18:19:36 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed  
Feb 3 18:15:48 2008 kernel ipsec: Input SA changing state DYING or DEAD  
Feb 3 17:59:18 2008 iked Can't create Quick Mode IV!  
Feb 3 17:59:18 2008 iked Unable to initialize HASH: 1005  
      

Was able to connect via MUVPN 2 days ago to the x55e after performing a reboot of the firebox.

Why is this problem suddenly happening, and can someone shed some light on the above?

TIA
TechInNeedmm Asked:

dpk_wal Commented:
Before any of the troubleshooting, I would request you to reboot the device (from system status page) and then when the device is back up, check if you are able to connect from the client.

>> Feb 3 18:15:48 2008 kernel ipsec: Input SA changing state DYING or DEAD  
>> Feb 3 17:59:18 2008 iked Can't create Quick Mode IV!  

Above errors indicate that the phase II of the VPN tunnel is not going through.

Please make sure that your x55e has MUVPN licenses; for some reason if the licenses do not appear then you would not be able to connect using the MUVPN client. You might need to add the license again if they do not appear.

If you see licenses shown in x55e then I would request you to regenerate the wgx file and then try from the client again.

I do not have a specific reason why this happened after you were able to connect, but one of the possible causes is improper shutdown of the box causing the config not to load properly [e.g., power adapter got pulled out and then someone put it back in].
Other reasons could be, while the config was saved some part of the config again could not be written properly, causing the problem.

Please check and update.

Thank you.
0
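A small triage script for the log format quoted in the question, added here as an example and not part of the original thread or of any WatchGuard tooling: it parses the lines, tags the ones the answer above ties to Phase II, and checks whether the kernel SA state change follows the first such error. The label names, the 30-minute window, and grouping the HASH error with the Quick Mode error (same daemon, same second) are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the five log lines quoted in the question.
SAMPLE = """\
Feb 3 18:19:48 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed
Feb 3 18:19:36 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed
Feb 3 18:15:48 2008 kernel ipsec: Input SA changing state DYING or DEAD
Feb 3 17:59:18 2008 iked Can't create Quick Mode IV!
Feb 3 17:59:18 2008 iked Unable to initialize HASH: 1005
"""

# "<Mon> <day> <HH:MM:SS> <year> <process> <message>"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (\S+) (.*\S)\s*$")

# (process, message pattern, label). Labels are this example's own names;
# treating the HASH error as part of the Quick Mode failure is an assumption.
RULES = [
    ("iked", re.compile(r"Quick Mode|initialize HASH"), "ike-phase2-error"),
    ("kernel", re.compile(r"SA changing state DYING or DEAD"), "sa-dying-or-dead"),
    ("httpd", re.compile(r"ipsec_extmuvpn_get_count"), "httpd-muvpn-count-error"),
]

def parse(text):
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip blank or unrecognised lines
        ts = datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S %Y")
        proc, msg = m.group(2), m.group(3)
        label = next((l for p, rx, l in RULES if p == proc and rx.search(msg)), "other")
        events.append((ts, proc, label, msg))
    return sorted(events, key=lambda e: e[0])  # the log is shown newest first

def triage(events, window_s=1800):
    """Summarise what happened after the first Phase II error."""
    errs = [e for e in events if e[2] == "ike-phase2-error"]
    out = {"first_error": errs[0][0] if errs else None, "phase2_errors": len(errs),
           "followed_by_sa_state_change": False, "later_httpd_errors": 0}
    if errs:
        t0 = errs[0][0]
        for ts, _, label, _ in events:
            delta = (ts - t0).total_seconds()
            if label == "sa-dying-or-dead" and 0 <= delta <= window_s:
                out["followed_by_sa_state_change"] = True
            elif label == "httpd-muvpn-count-error" and delta > 0:
                out["later_httpd_errors"] += 1
    return out
```

Calling `triage(parse(SAMPLE))` on the quoted lines puts the first iked error at 17:59:18, the SA state change about 16 minutes later, and the two httpd errors after both.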
TechInNeedmm (Author) Commented:
Thanks for explaining and being so detailed.
I have fixed this issue multiple times by simply doing what you suggested. That is, rebooting the device via the system status page.

I knew how to fix and resolve, but was wondering why it would happen if there was NO improper shutdown of the Firebox.

So the absolute proper way to reboot and shutdown the device is to use the system status page and NEVER pulling the plug?

A few days ago, I was offsite when contractors were installing an AC Unit in my server room. The plug may have been pulled. I have to confirm that.

I fixed by rebooting the device via the system status page and all was well. Then after 4-6 hrs, the MUVPN client could not connect again. I unplugged and then left it out for 5 mins and then plugged it back in, in which all was fine again. Then a couple of hrs, it dropped again. A final reboot via the system status page caused it to connect again but this time has been up for about 5 days.

Just really inconsistent behaviour.

Also, When I connect with an MUVPN client and view the "Firebox Users" section and view the active sessions, I see my user (the MUVPN client) logged in and active, but under the license category, it says NO and all other active session entries states YES.

Please advise.
0
TechInNeedmm (Author) Commented:
The connection dropped again and when the x10e was rebooted and it tries to auto connect the MANUAL VPN tunnel, the following is logged on the x55e:

Feb 3 18:19:48 2008 httpd ipsec_extmuvpn_get_count: UDS client command failed

Again, a reboot of the x55e re-established the connection. I have opened a support ticket at WatchGuard again to see if they can provide some assistance.

This is getting quite frustrating.
0
dpk_wal Commented:
Frankly I am not sure why this is happening; please check the firmware you have; 8.6 is the latest firmware (when I last checked); if you do not have the latest firmware please upgrade as it would help.

If you already have the latest firmware, then if possible, I would suggest you to reset the unit to factory defaults and then reconfigure again. I think starting afresh would get rid of the problem you are facing.

Thank you.
0

TechInNeedmm (Author) Commented:
Both boxes have been upgraded to the latest firmware from day one.
8.6.2

A reset to factory defaults may be something I will have to consider if this persists.

I have had some suggestions on the WatchGuard internal forums and testing.

Thanks again for responding.
0
dpk_wal Commented:
You are welcome. Would request to post your findings if you find any new workaround for the problem other than resetting the unit to factory defaults.
0