Hi team,
I have 4800 HA and have a tunnel built with AWS using VTI and running BGP over it. Every alternate day the tunnel stops working. I see the SAs are established, BGP sessions are established however traffic flowing through tunnel fails over below errors.
Other day I found a issue for deleteing VTI interfaces and adding and that had resovled the issue. However none of the remedy is working the tunnel; I even reset the tunnel couple of time, bounced the BGP but no luck.
Any idea?
@;2092013252;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3200 -> xx.xx.32.124:61577 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013252;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53455 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013252;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53453 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013252;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53452 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013252;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.21.54:53812 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013278;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53454 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013278;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3200 -> xx.xx.24.26:49444 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013278;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52899 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013296;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.24.12:445 -> xx.xx.xx.xx:38326 dropped by vpn_encrypt_chain Reason: Could not change connection vpn interface.;
@;2092013296;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.34:49433 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013297;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3200 -> xx.xx.32.150:58372 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013298;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52899 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013300;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53455 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013300;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.21.54:53812 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013322;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52894 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013322;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52893 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013323;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.24.82:2049 -> xx.xx.xx.xx:781 dropped by vpn_encrypt_chain Reason: Could not change connection vpn interface.;
@;2092013324;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.24.12:445 -> xx.xx.xx.xx:36060 dropped by vpn_encrypt_chain Reason: Could not change connection vpn interface.;
@;2092013340;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.5.180:44528 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013340;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3200 -> xx.xx.32.150:58372 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013343;[cpu_2];[fw4_1];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53455 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013343;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52899 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013344;[cpu_3];[fw4_0];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:3300 -> xx.xx.24.243:52899 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
@;2092013365;[cpu_1];[fw4_2];fw_log_drop_ex: Packet proto=6 xx.xx.xx.xx:22 -> xx.xx.24.120:53456 dropped by chain_ipsec_methods_ok Reason: vpn_decrypt_methods_ok failed;
Thanks and Regards,
Blason R
CCSA,CCSE,CCCS