Author Topic: VPN ipsec IP change  (Read 2902 times)

danf

« on: September 10, 2011, 12:48:45 PM »

I have a bit of a strange problem.

We have two routers that have recently had a new ISP added (so both IP addresses on the VPNs have changed.)
It is a vlan between two dfl-800s. The old ISPs are still active on the router. I'm trying to get the tunnel to establish on the new ISP on both sides, due to the speed increase.

One side of the VPN took the new IP address fine; the tunnel reestablished itself right away. However, when I tell the other side of the VPN to use the new IP address, it fails with "No proposal chosen".

Basically, we have this:

Site A (main Site)                 Site B (child site)                Status
old ip address of site b (wan2)    old ip address of site a (wan2)    works
new ip address of site b (wan1)    old ip address of site a (wan2)    works
new ip address of site b (wan1)    new address of site a (wan1)       NOT working

From the log on site A, I can see it is trying to use the old interface. There's no interface designation during the tunnel setup, so I'm rather confused. I can't figure out why the DFL at site A is trying to use the old IP address. Is there any place that there could be a rule defined telling the VPN to use the wrong interface for the connection?

Log:
2011-09-10 12:27:10  Info     IPSEC  1803021  ipsec_sa_statistics  done=9 success=2 failed=7
2011-09-10 12:27:10  Warning  IPSEC  1800109  ike_quickmode_failed  local_ip=OLD IP remote_ip=NEW IP of remote cookies=20ef681f139e7273ad5f315247dfafc4 reason="No proposal chosen"
2011-09-10 12:27:10  Warning  IPSEC  1803020  ipsec_sa_failed  no_ipsec_sa statusmsg="No proposal chosen"
2011-09-10 12:27:10  Info     IPSEC  1800102  ipsec_event  message=" Remote Proxy ID 192.168.212.0/24 any"
2011-09-10 12:27:10  Info     IPSEC  1800102  ipsec_event  message=" Local Proxy ID 192.168.10.0/24 any"
2011-09-10 12:27:10  Info     IPSEC  1802703  ike_sa_negotiation_completed  ike_sa_completed local_peer="OLD IP ID OLD IP" remote_peer="NEW IP of remote ID NEW IP of remote" initiator_spi="20ef681f 139e7273" responder_spi="ad5f3152 47dfafc4" int_severity=6
2011-09-10 12:27:10  Info     IPSEC  1800102  ipsec_event  message="IPsec SA [Initiator] negotiation failed

Based on the logs, it appears one side of the connection is trying to establish on the wrong interface, and I haven't a clue how to fix it.