There are serious bugs in sasyncd. Please do not use it yet. Instead perhaps (like me) you can encourage the developers who wrote it to... finish it.
> Are these messages "normal" for a carped pair of firewalls running isakmpd > with sasyncd (3.8-stable)? > > FW1/master - /var/log/message: > Mar 16 01:37:40 fw1 isakmpd[32692]: message_recv: invalid cookie(s) > 222729dc227c8f28 a0d29ef92ee65243 > Mar 16 01:37:40 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port > 500 due to notification type INVALID_COOKIE > Mar 16 01:37:45 fw1 isakmpd[32692]: message_recv: invalid cookie(s) > 222729dc227c8f28 a0d29ef92ee65243 > Mar 16 01:37:45 fw1 isakmpd[32692]: dropped message from x1.x2.x3.178 port > 500 due to notification type INVALID_COOKIE > > FW2/backup - /var/log/message: > Mar 16 01:35:49 fw2 isakmpd[5980]: transport_send_messages: giving up on > exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500 > Mar 16 01:37:49 fw2 isakmpd[5980]: transport_send_messages: giving up on > exchange ISAKMP-peer, no response from peer x1.x2.x3.178:500 > > -Steve S.
