Thanks very much. I am now seeing a Phase 1 connection as UP in the web monitor. Not getting a Phase 2 though. In the log it looks like the phase 1 was successfully negotiated but there seems to be some kind of retransmit loop occuring, before the maxium retry count is reached and the whole connection is lost and an IPSEC failed message saying Timeout, before Phase 1 starts again. I wasnt 100% when configuring the proxy IDs, after some online troubleshooting it seemed i needed to configure it like that but that could very well be wrong.. Thanks so much for your help.
Here is the log:
[Jan 13 13:26:42]ikev2_packet_allocate: Allocated packet debc00 from freelist
[Jan 13 13:26:42]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:26:42]ike_get_sa: Start, SA = { e691d302 bc688e6c - 00000000 00000000 } / 00000000, remote = 81.130.60.5:500
[Jan 13 13:26:42]ike_sa_allocate: Start, SA = { e691d302 bc688e6c - 56486a18 a223c735 }
[Jan 13 13:26:42]ike_init_isakmp_sa: Start, remote = 81.130.60.5:500, initiator = 0
[Jan 13 13:26:42]ike_decode_packet: Start
[Jan 13 13:26:42]ike_decode_packet: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086} / 00000000, nego = -1
[Jan 13 13:26:42]ike_decode_payload_sa: Start
[Jan 13 13:26:42]ike_decode_payload_t: Start, # trans = 1
[Jan 13 13:26:42]ike_decode_payload_t: Start, # trans = 1
[Jan 13 13:26:42]ike_decode_payload_t: Start, # trans = 1
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = afcad713 68a1f1c9 ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 27bab5dc 01ea0760 ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 6105c422 e76847e4 ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 4485152d 18b6bbcd ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = cd604643 35df21f8 ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 90cb8091 3ebb696e ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 7d9419a6 5310ca6f ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..16] = 4a131c81 07035845 ...
[Jan 13 13:26:42]ike_st_i_vid: VID[0..28] = 69936922 8741c6d4 ...
[Jan 13 13:26:42]ike_st_i_id: Start
[Jan 13 13:26:42]ike_st_i_sa_proposal: Start
[Jan 13 13:26:42]ike_free_id_payload: Start, id type = 2
[Jan 13 13:26:42]ike_isakmp_sa_reply: Start
[Jan 13 13:26:42]ike_state_restart_packet: Start, restart packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1
[Jan 13 13:26:42]ike_st_i_sa_proposal: Start
[Jan 13 13:26:42]ike_st_i_nonce: Start, nonce[0..16] = 89ecec13 eda49beb ...
[Jan 13 13:26:42]ike_st_i_cert: Start
[Jan 13 13:26:42]ike_st_i_hash_key: Start, no key_hash
[Jan 13 13:26:42]ike_st_i_ke: Ke[0..128] = 396ab954 d8f18b64 ...
[Jan 13 13:26:42]ike_st_i_cr: Start
[Jan 13 13:26:42]ike_st_i_private: Start
[Jan 13 13:26:42]ike_st_o_sa_values: Start
[Jan 13 13:26:42]ike_st_o_ke: Start
[Jan 13 13:26:42]ike_st_o_nonce: Start
[Jan 13 13:26:42]ike_policy_reply_isakmp_nonce_data_len: Start
[Jan 13 13:26:42]ike_st_o_id: Start
[Jan 13 13:26:42]ike_policy_reply_isakmp_id: Start
[Jan 13 13:26:42]ike_state_restart_packet: Start, restart packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1
[Jan 13 13:26:42]ike_st_o_id: Start
[Jan 13 13:26:42]ike_st_o_certs_base: Start
[Jan 13 13:26:42]ike_st_o_sig_or_hash: Start, auth_method = 4
[Jan 13 13:26:42]ike_st_o_hash: Start
[Jan 13 13:26:42]ike_find_pre_shared_key: Find pre shared key key for 213.121.241.91:500, id = ipv4(any:0,[0..3]=213.121.241.91) -> 81.130.60.5:500, id = fqdn(any:0,[0..15]=juniper.myLink.com)
[Jan 13 13:26:42]ike_policy_reply_find_pre_shared_key: Start
[Jan 13 13:26:42]ike_state_restart_packet: Start, restart packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1
[Jan 13 13:26:42]ike_st_o_sig_or_hash: Start, auth_method = 4
[Jan 13 13:26:42]ike_st_o_hash: Start
[Jan 13 13:26:42]ike_find_pre_shared_key: Find pre shared key key for 213.121.241.91:500, id = ipv4(any:0,[0..3]=213.121.241.91) -> 81.130.60.5:500, id = fqdn(any:0,[0..15]=juniper.myLink.com)
[Jan 13 13:26:42]ike_calc_mac: Start, initiator = false, local = true
[Jan 13 13:26:42]ike_policy_reply_isakmp_vendor_ids: Start
[Jan 13 13:26:42]ike_st_o_status_n: Start
[Jan 13 13:26:42]ike_st_o_private: Start
[Jan 13 13:26:42]ike_policy_reply_private_payload_out: Start
[Jan 13 13:26:42]ike_policy_reply_private_payload_out: Start
[Jan 13 13:26:42]ike_policy_reply_private_payload_out: Start
[Jan 13 13:26:42]ike_st_o_calc_skeyid: Calculating skeyid
[Jan 13 13:26:42]ike_encode_packet: Start, SA = { 0xe691d302 bc688e6c - 09812c8b 26208086 } / 00000000, nego = -1
[Jan 13 13:26:42]ike_send_packet: Start, send SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1, dst = 81.130.60.5:500, routing table id = 0
[Jan 13 13:26:42]ikev2_packet_allocate: Allocated packet dec000 from freelist
[Jan 13 13:26:42]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:42]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:26:42]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / 00000000, remote = 81.130.60.5:4500
[Jan 13 13:26:42]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:42]ike_decode_packet: Start
[Jan 13 13:26:42]ike_decode_packet: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086} / 00000000, nego = -1
[Jan 13 13:26:42]ike_st_i_hash: Start, hash[0..20] = c46568b1 71e3a9f4 ...
[Jan 13 13:26:42]ike_calc_mac: Start, initiator = false, local = false
[Jan 13 13:26:42]ike_st_i_cert: Start
[Jan 13 13:26:42]ike_st_i_private: Start
[Jan 13 13:26:42]ike_st_o_wait_done: Marking for waiting for done
[Jan 13 13:26:42]ike_st_o_all_done: MESSAGE: Phase 1 { 0xe691d302 bc688e6c - 0x09812c8b 26208086 } / 00000000, version = 1.0, xchg = Aggressive, auth_method = Pre shared keys, Responder, cipher = 3des-cbc, hash = sha1, prf = hmac-sha1, life
[Jan 13 13:26:42]213.121.241.91:500 (Responder) <-> 81.130.60.5:500 { e691d302 bc688e6c - 09812c8b 26208086 [-1] / 0x00000000 } Aggr; MESSAGE: Phase 1 version = 1.0, auth_method = Pre shared keys, cipher = 3des-cbc, hash = sha1, prf = hmac-
[Jan 13 13:26:42]ike_send_notify: Connected, SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1
[Jan 13 13:26:42]iked_pm_ike_sa_done: local:213.121.241.91, remote:81.130.60.5 IKEv1
[Jan 13 13:26:42]IKE negotiation done for local:213.121.241.91, remote:81.130.60.5 IKEv1 with status: Error ok
[Jan 13 13:26:42]ikev2_packet_allocate: Allocated packet dec400 from freelist
[Jan 13 13:26:42]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:42]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:26:42]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:26:42]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:42]ike_st_o_done: ISAKMP SA negotiation done
[Jan 13 13:26:42]ike_send_notify: Connected, SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = -1
[Jan 13 13:26:42]ike_free_negotiation_isakmp: Start, nego = -1
[Jan 13 13:26:42]ike_free_negotiation: Start, nego = -1
[Jan 13 13:26:42]ike_alloc_negotiation: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086}
[Jan 13 13:26:42]ike_init_qm_negotiation: Start, initiator = 0, message_id = b5dc0cef
[Jan 13 13:26:42]ike_decode_packet: Start
[Jan 13 13:26:42]ike_decode_packet: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086} / b5dc0cef, nego = 0
[Jan 13 13:26:42]ike_decode_payload_sa: Start
[Jan 13 13:26:42]ike_decode_payload_t: Start, # trans = 1
[Jan 13 13:26:42]ike_st_i_encrypt: Check that packet was encrypted succeeded
[Jan 13 13:26:42]ike_st_i_qm_hash_1: Start, hash[0..20] = c396a5cb 7522c0f4 ...
[Jan 13 13:26:42]ike_st_i_qm_nonce: Nonce[0..16] = 869a1bfc ac99e7b5 ...
[Jan 13 13:26:42]ike_st_i_qm_ke: Ke[0..128] = 3844a811 ab28cd72 ...
[Jan 13 13:26:42]ike_st_i_qm_sa_proposals: Start
[Jan 13 13:26:42]Added (spi=0x52fb5d98, protocol=0) entry to the spi table
[Jan 13 13:26:42]Added (spi=0x5124e7e0, protocol=0) entry to the spi table
[Jan 13 13:26:42]ike_qm_sa_reply: Start
[Jan 13 13:26:42]ike_qm_sa_reply: Selected proposal 0, and transform 0 for protocol 0
[Jan 13 13:26:42]ike_state_restart_packet: Start, restart packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:26:42]ike_st_i_qm_sa_proposals: Start
[Jan 13 13:26:42]ike_st_i_status_n: Start, doi = 1, protocol = 0, code = unknown (40001), spi[0..4] = 075e81fb 00000000 ..., data[0..8] = 00010004 0a3c0601 ...
[Jan 13 13:26:42]<none>:4500 (Responder) <-> 81.130.60.5:4500 { e691d302 bc688e6c - 09812c8b 26208086 [0] / 0xb5dc0cef } QM; Invalid protocol_id = 0
[Jan 13 13:26:42]iked_pm_ike_spd_notify_received: Received authenticated notification payload unknown from local:213.121.241.91 remote:81.130.60.5 IKEv1 for P1 SA 5503205
[Jan 13 13:26:42]Received NHTB payload from local:213.121.241.91, remote:81.130.60.5 IKEv1 P1 SA index 5503205
[Jan 13 13:26:42]Received NHTB private IP address 10.60.6.1
[Jan 13 13:26:42]QM notification `(null)' (40001) (size 8 bytes) from 81.130.60.5:4500 for protocol Reserved spi[0...3]=07 5e 81 fb
[Jan 13 13:26:42]ike_st_i_private: Start
[Jan 13 13:26:42]ike_st_o_qm_hash_2: Start
[Jan 13 13:26:42]ike_st_o_qm_sa_values: Start
[Jan 13 13:26:42]ike_st_o_qm_nonce: Start
[Jan 13 13:26:42]ike_policy_reply_qm_nonce_data_len: Start
[Jan 13 13:26:42]ike_st_o_qm_optional_ke: Start
[Jan 13 13:26:42]ike_st_o_qm_optional_ids: Start
[Jan 13 13:26:42]ikev2_fb_qm_local_id: Using ipv4_subnet(any:0,[0..7]=10.60.3.0/24) as local QM identity
[Jan 13 13:26:42]ike_policy_reply_qm_local_id: Start
[Jan 13 13:26:42]ikev2_fb_qm_remote_id: Using ipv4_subnet(any:0,[0..7]=10.60.7.0/24) as remote QM identity
[Jan 13 13:26:42]ike_policy_reply_qm_remote_id: Start
[Jan 13 13:26:42]ike_st_qm_optional_id: Start
[Jan 13 13:26:42]ike_st_qm_optional_id: Start
[Jan 13 13:26:42]ike_st_o_qm_optional_responder_lifetime_n: Start
[Jan 13 13:26:42]ike_st_o_private: Start
[Jan 13 13:26:42]Construction NHTB payload for local:213.121.241.91, remote:81.130.60.5 IKEv1 P1 SA index 5503205 sa-cfg myLink
[Jan 13 13:26:42]iked_nhtb_get_tunnel_ifam: got ifa error 0
[Jan 13 13:26:42]ike_policy_reply_private_payload_out: Start
[Jan 13 13:26:42]ike_policy_reply_private_payload_out: Start
[Jan 13 13:26:42]ike_st_o_encrypt: Marking encryption for packet
[Jan 13 13:26:42]ike_encode_packet: Start, SA = { 0xe691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, nego = 0
[Jan 13 13:26:42]ike_send_packet: Start, send SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500, routing table id = 0
[Jan 13 13:26:52]ikev2_packet_allocate: Allocated packet dec800 from freelist
[Jan 13 13:26:52]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:52]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:26:52]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:26:52]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:26:52]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:26:52]ike_send_packet: Start, retransmit previous packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500 routing table id = 0
[Jan 13 13:27:02]ikev2_packet_allocate: Allocated packet decc00 from freelist
[Jan 13 13:27:02]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:02]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:27:02]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:27:02]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:02]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:02]ike_send_packet: Start, retransmit previous packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500 routing table id = 0
[Jan 13 13:27:12]ikev2_packet_allocate: Allocated packet ded000 from freelist
[Jan 13 13:27:12]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:12]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:27:12]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:27:12]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:12]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:12]ike_send_packet: Start, retransmit previous packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500 routing table id = 0
[Jan 13 13:27:22]ikev2_packet_allocate: Allocated packet ded400 from freelist
[Jan 13 13:27:22]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:22]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:27:22]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:27:22]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:22]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:22]ike_send_packet: Start, retransmit previous packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500 routing table id = 0
[Jan 13 13:27:32]ikev2_packet_allocate: Allocated packet ded800 from freelist
[Jan 13 13:27:32]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:32]ikev2_packet_v1_start: Passing IKE v1.0 packet to IKEv1 library
[Jan 13 13:27:32]ike_get_sa: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086 } / b5dc0cef, remote = 81.130.60.5:4500
[Jan 13 13:27:32]ike_sa_find: Found SA = { e691d302 bc688e6c - 09812c8b 26208086 }
[Jan 13 13:27:32]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:32]ike_send_packet: Start, retransmit previous packet SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0, dst = 81.130.60.5:4500 routing table id = 0
[Jan 13 13:27:42]ike_retransmit_callback: Start, retransmit SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:42]ike_retransmit_callback: Isakmp query retry limit reached, deleting
[Jan 13 13:27:42]<none>:4500 (Responder) <-> 81.130.60.5:4500 { e691d302 bc688e6c - 09812c8b 26208086 [0] / 0xb5dc0cef } QM; Error = Timeout (8197)
[Jan 13 13:27:42]ike_send_notify: Private notification, do not send notification
[Jan 13 13:27:42]ike_delete_negotiation: Start, SA = { e691d302 bc688e6c - 09812c8b 26208086}, nego = 0
[Jan 13 13:27:42]ike_free_negotiation_qm: Start, nego = 0
[Jan 13 13:27:42]ike_free_negotiation: Start, nego = 0
[Jan 13 13:27:42]ike_free_id_payload: Start, id type = 4
[Jan 13 13:27:42]ike_free_id_payload: Start, id type = 4
[Jan 13 13:27:42]ike_free_id_payload: Start, id type = 4
[Jan 13 13:27:42]ike_free_id_payload: Start, id type = 4
[Jan 13 13:27:42]IPSec negotiation failed for SA-CFG myLink for local:213.121.241.91, remote:81.130.60.5 IKEv1. status: Timed out
[Jan 13 13:27:42] P2 ed info: flags 0x80, P2 error: Error ok
[Jan 13 13:27:42]iked_pm_check_p2_failure_num: Phase2 failed 1/3 times for P1 SA 5503205
[Jan 13 13:27:42] IKEv1 Error : Timeout