My Oracle Support Banner

OCI IPSec Tunnel Bounces or Goes Down Intermittently (Doc ID 2437846.1)

Last updated on AUGUST 21, 2018

Applies to:

Oracle Cloud Infrastructure - Version N/A and later
Information in this document applies to any platform.

Symptoms

On Oracle Cloud Infrastructure (OCI), an IPSec tunnel was working for some time, but then became unstable.

Logging on the Customer Premise Equipment (CPE) shows the errors and instability - ipsec status shows:

000 # 1: "cloudX": 500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2345s; newest ISAKMP; lastdpd = 3s (seq in: 0 out: 0); idle; import: admin initiate
000 # 4: "cloudX": 500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in 2689s; newest IPSEC; eroute owner; isakmp # 1; idle; import: admin initiate
000 # 4: "cloudX" esp.<instance>@<ip address> esp.xxxxxx@<ip address> tun.0@<ip address> tun.0@<ip address> ref = 0 refhim = 0 Traffic: ESPin = 0B ESPout = 5KB! ESP max = 4194303B

In CPE log:

Jul 18 11: 55: 55.221488: packet from <ip address>:4500: exchange type or ISAKMP Message has an unknown value: 208 (0xd0)
Jul 18 11: 55: 55.221579: packet from <ip address>:4500: Received packet with mangled IKE header - dropped
Jul 18 11: 56: 02.797268: packet from <ip address>:4500: exchange type or ISAKMP Message has an unknown value: 208 (0xd0)
Jul 18 11: 56: 02.797413: packet from <ip address>:4500: Received packet with mangled IKE header - dropped
Jul 18 11: 44: 02.733383: packet from <ip address>:4500: next payload type or ISAKMP Message has an unknown value: 126 (0x7e)
Jul 18 11: 44: 02.733483: packet from <ip address>:4500: Received packet with mangled IKE header - dropped
Jul 18 11: 44: 32.478148: packet from <ip address>:4500: next payload type or ISAKMP Message has an unknown value: 78 (0x4e)
Jul 18 11: 44: 32.478244: packet from <ip address>:4500: Received packet with mangled IKE header - dropped
Jul 18 11: 47: 32.517430: packet from <ip address>:4500: next payload type or ISAKMP Message has an unknown value: 126 (0x7e)
Jul 18 11: 47: 32.517534: packet from <ip address>:4500: Received packet with mangled IKE header - dropped

 

Changes

 No known changes on the customer configuration

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.