Organization to Organization VPN

MattSc
Conversationalist


I'm at a complete loss as to what would cause this issue I'm experiencing (I'll try to explain this as best I can, as it's hard to explain).

I have two Organizations

Organization 1 has Network 1
 
Organization 2 has Networks 1, 2, and 3



I can establish a VPN Tunnel from Organization 1 Network 1 to Organization 2 Network 1 and 2

[screenshot: network 1 2.PNG]

I can establish a VPN Tunnel from Organization 1 Network 1 to Organization 2 Network 3

[screenshot: network 3.PNG]

I cannot establish a VPN Tunnel from Organization 1 Network 1 to Organization 2 Networks 1, 2 and 3 at the same time


Working from Organization 1

If I have a working tunnel to Organization 2 Networks 1 and 2 and then try to add Organization 2 Network 3, the logs show

msg: phase2 negotiation failed due to time up waiting for phase1. ESP 144.130.xxx.xxx[0]->10.1.1.2[0]
msg: phase1 negotiation failed due to time up. 8d8627ebd6d071a1:e3cc535a1caf1006
msg: request for establishing IPsec-SA was queued due to no phase1 found.
msg: initiate new phase 1 negotiation: 10.1.1.2[500]<=>144.130.xxx.xxx[500]

If I have a working tunnel to Organization 2 Network 3 and then try to add Organization 2 Network 1 and/or 2, the logs show

msg: phase1 negotiation failed due to time up. c4437031800f8ab7:0000000000000000
msg: phase1 negotiation failed due to time up. b679565d253b7ff5:0000000000000000
msg: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
msg: request for establishing IPsec-SA was queued due to no phase1 found.
msg: request for establishing IPsec-SA was queued due to no phase1 found.
msg: IPsec-SA expired: ESP/Tunnel 144.130.xxx.xxx[500]->58.171.xxx.xxx[500]
msg: phase2 negotiation failed due to time up waiting for phase1. ESP 149.135.xx.xxx[0]->144.130.xxx.xxx[0]
msg: IPsec-SA expired: ESP/Tunnel 144.130.xxx.xxx[500]->149.135.xx.xxx[500]
msg: initiate new phase 1 negotiation: 144.130.xxx.xxx[500]<=>58.171.xxx.xxx[500]
msg: IPsec-SA request for 58.171.xxx.xxx queued due to no phase1 found.
msg: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
msg: initiate new phase 1 negotiation: 144.130.xxx.xxx[500]<=>149.135.xx.xxx[500]
msg: IPsec-SA request for 149.135.xx.xxx queued due to no phase1 found.
msg: IPsec-SA expired: ESP/Tunnel 144.130.xxx.xxx[500]->58.171.xxx.xxx[500]
msg: phase2 negotiation failed due to time up waiting for phase1. ESP 149.135.xx.xxx[0]->144.130.xxx.xxx[0]
msg: IPsec-SA expired: ESP/Tunnel 144.130.xxx.xxx[500]->149.135.xx.xxx[500]

To the best of my knowledge the error logs suggest that either there is a mismatch with the IPsec policies or that the sites flat out can't talk to each other. If either of those were the case, I should not be able to establish a connection at all. Does anyone have any thoughts on what could cause this? I'm completely out of ideas at this point and have been battling with this for the last two days now.
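A small triage helper for racoon-style IKE log lines like the ones quoted above. It is an added example, not from the original post or from Meraki; the sample log is constructed with placeholder addresses, and the rules and hints are assumptions that encode the usual reading of these messages (NO-PROPOSAL-CHOSEN points at a policy or NAT-T mismatch, bare phase1 timeouts at reachability, and the phase2/queued lines are follow-on symptoms).

```python
import re
from collections import Counter

# Constructed sample, modelled on the messages in the post (placeholder addresses).
SAMPLE_LOG = """\
msg: phase1 negotiation failed due to time up. c4437031800f8ab7:0000000000000000
msg: notification NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
msg: request for establishing IPsec-SA was queued due to no phase1 found.
msg: phase2 negotiation failed due to time up waiting for phase1. ESP 192.0.2.10[0]->198.51.100.20[0]
msg: initiate new phase 1 negotiation: 192.0.2.10[500]<=>198.51.100.20[500]
msg: IPsec-SA expired: ESP/Tunnel 192.0.2.10[500]->198.51.100.20[500]
"""

# (pattern, category, what to check first); assumed mapping, first match wins.
RULES = [
    (r"NO-PROPOSAL-CHOSEN", "proposal_mismatch",
     "Peer rejected every proposal: compare IKE/IPsec policy and NAT traversal mode on both sides"),
    (r"phase1 negotiation failed due to time up", "phase1_timeout",
     "No IKE reply at all: check UDP 500/4500 reachability and NAT traversal setting"),
    (r"phase2 negotiation failed due to time up waiting for phase1", "phase2_blocked",
     "Follow-on symptom: phase2 cannot start until phase1 completes"),
    (r"queued due to no phase1 found", "sa_queued", "Follow-on symptom: traffic waiting for an IKE SA"),
    (r"initiate new phase 1 negotiation", "phase1_start", "Informational"),
    (r"IPsec-SA expired", "sa_expired", "Informational"),
]
PEER_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\[\d+\]")  # addr[port] tokens

def classify(line):
    """Return (category, hint) for one log line, or ('other', '') if nothing matches."""
    for pattern, category, hint in RULES:
        if re.search(pattern, line):
            return category, hint
    return "other", ""

def triage(log_text):
    """Count symptom categories across the log and collect the peer addresses seen."""
    counts, peers = Counter(), set()
    for line in log_text.splitlines():
        counts[classify(line)[0]] += 1
        peers.update(PEER_RE.findall(line))
    return counts, sorted(peers)

def likely_cause(counts):
    """Rank root causes: a proposal rejection outranks bare timeouts, which outrank follow-on noise."""
    if counts["proposal_mismatch"]:
        return "proposal_mismatch"
    if counts["phase1_timeout"]:
        return "phase1_timeout"
    return "undetermined"

if __name__ == "__main__":
    counts, peers = triage(SAMPLE_LOG)
    print(dict(counts), peers, likely_cause(counts))
```

Running it on a real export lets you see whether a failing tunnel is being rejected (proposal mismatch, as in the second log block above) or simply never answered (timeouts only), which is the distinction the post is trying to draw.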

1 Reply
MattSc
Conversationalist

So after writing all that out and actually reading it back, I realized the only difference between the three networks was that one network was set to "NAT Traversal - Manual: Port Forward" and the other two were "NAT Traversal - Automatic".

I had to use "NAT Traversal - Manual: Port Forward" on one of the sites (no choice), but as soon as I set all three networks to the same setting, even though it has never been needed on the other two networks, all three networks came up together.


My question now... is there some sort of organizational setting on NAT Traversal that requires ALL networks within an organization to be one or the other to work correctly with Non-Meraki VPN Peers?
