12-04-2012 06:43 PM
Here's a doozy.
We have been having issues with a specific ISP Provider which for some reason our RAP-AP93s have been dropping their IPSEC Tunnel back to our controler.
What we have seen through our firewall is something like this: (I changed the IP address, security reasons)
21:32:38.442151 IP (tos 0x0, ttl 54, id 11433, offset 0, flags [DF], proto UDP (17), length 144) 922.214.171.124.60002 > 999.9126.96.36.19900: [no cksum] UDP-encap: ESP(spi=0xc9aeec00,seq=0x225b), length 116 21:32:38.442253 IP (tos 0x0, ttl 253, id 0, offset 0, flags [none], proto UDP (17), length 144) 999.9188.8.131.5200 > 9184.108.40.206.60002: [no cksum] UDP-encap: ESP(spi=0x38695b00,seq=0x2532), length 116 21:32:38.572358 IP (tos 0x0, ttl 54, id 11434, offset 0, flags [DF], proto UDP (17), length 160)
As you can see from this line 9220.127.116.11.60002 > 999.918.104.22.16800: [no cksum] UDP-encap:
It seems as though it is an issue with the ISP provider and we have been working with them to replicate the issue and they have been unable to, even the modem manufacturer is involved and they cannot replicate.
Has anyone seen something like this? The location is currently offline.
What can I gather from the controller in terms of logs to help move this along?
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]