iked failed find SPSAItem

Hi

M370 12.6.2 <-> T15 12.5.5

This is a bovpn VIF using ikev2 with AES-GCM-128 DH20 / ESP-AES128-GCM DH19.
Saw this getting logged for at least 30 minuttes. The tunnel was working and parsing traffic, but out of 50 tunnels this was the only one logging this.

A tunnel rekey did not help. Any clue why?

ked (M370<->T15)Dropped IKEv2 INFORMATIONAL message from T15:500. Gateway-Endpoint='KaufmannOdenseRC'. Reason=Invalid message ID in INFO request message. msg_id="021A-0005" Debug
iked (M370<->T15)recv a duplicated request msg, but could not find the response retry object with msgId(71) Debug
iked (M370<->T15)Dropped IKEv2 INFORMATIONAL message from T15:500. Gateway-Endpoint='KaufmannOdenseRC'. Reason=Invalid message ID in INFO request message. msg_id="021A-0005" Debug
iked (M370<->T15)recv a duplicated request msg, but could not find the response retry object with msgId(71) Debug
iked failed find SPSAItem using ipsec_pcy:KaufmannOdenseRC Item:(nil) OtherItem:(nil) Debug
iked failed find SPSAItem using ipsec_pcy:KaufmannOdenseRC Item:(nil) OtherItem:(nil) Debug

/Robert

Comments

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    Hi @RVilhelmsen
    The log message there indicates that we received invalid message IDs in some traffic and dropped them. Since you're also seeing messages about duplicate requests, it suggests there may be a packet retransmission issue between point A and B. If the tunnel is working, the firewall is compensating for this and resending traffic, or dropping duplicate requests as needed.

    This type of IKE message will generally only occur if you have IPSec/IKE logging turned up to INFORMATION. If you're not actively troubleshooting something, I'd suggest turning this back down to error, as it'll show messages that don't pertain to any active problem if logging is turned up that high.

    -James Carson
    WatchGuard Customer Support

  • edited October 14

    Thanks @James_Carson for the explanation. I makes sence.
    FYI loglevel is set to error though

Sign In to comment.