<div dir="ltr"><br><div>Very unlikely to be directly a time/NTP issue if it's that small a difference.</div><div><br></div><div>Encryption and authentication with basic IPSec PSK type configurations isn't dependent on time synchronisation with peers. </div>
<div><br></div><div>Expiry of negotiated phase 1/2 parameters might happen if there was a larger skew, e.g. minutes/hours.</div><div class="gmail_extra"><div><div dir="ltr"><br></div></div>
I'd lean towards a phase 2 renegotiation failure, or a software bug triggered by time skew and adjustment.</div><div class="gmail_extra"><br></div><div class="gmail_extra"><div>What are the phase 1 and 2 parameters for each side of the tunnel, e.g. lifetime in seconds and/or bytes?</div>
<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 January 2014 13:09, Geordie Guy <span dir="ltr"><<a href="mailto:elomis@gmail.com" target="_blank">elomis@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">G'day NOGgers,<div><br></div><div>We have an IPSEC peer that keeps dropping the tunnel and renegotiating. The only events in the logs on their side that look like they could be related are a fairly constant NTP update which is causing their Netscreen to adjust by between 3 and 13 milliseconds every ten minutes. Would this cause the tunnel to renegotiate when the clock changed? It seems to happen on the half hour every half hour, or every three NTP updates.</div>
<span class=""><font color="#888888">
<div><br></div><div>- Geordie</div></font></span></div>
<br></blockquote></div><br></div></div>