Why did vpn tunnel go down after 24hrs

Unanswered Question
Apr 11th, 2007

I configured a router and had an outer security access-list put on an interface which denied certain criteria. This was put on after everything was checked during an on-site installation. Nearly 24 hrs later this error message came up as the monitoring software showed the VPN tunnel as down: Mar 31 14:02:53.572: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=10. He applied this line to my access-list: "permit ip any any". Why did this happen, and why after 24 hrs?

jbeltrame Wed, 04/11/2007 - 16:32

Check to make sure your key lifetime is for 24hrs. (86400) That could cause the tunnel to drop after 24hrs.

amanuddin80 Thu, 04/12/2007 - 00:14

By default, the IPSec tunnel lifetime is set to one day, 24 hrs (86400 sec). If no packet is transferred between peers during this period, the tunnel will automatically terminate. You may change this lifetime in the IPSec parameters.


A VPN tunnel has a definite Security Association lifetime. It can be different for Phase I and Phase II. Before the SA time expires, a new SA will get negotiated. But if you want to keep the tunnel "Always UP", monitor the tunnel end point, meaning the inside interface, through a management station. Otherwise you can use the keepalive setting.

Another option: set the Idle Timeout of the IPsec tunnel as you want.
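
The settings named in the replies above, shown as an added Cisco IOS example that is not part of any post in this thread. The peer addresses (documentation ranges), ACL number, policy number and timer values are constructed placeholders. The ACL entries assume the outside access-list has to let IKE and ESP from the peer through for a rekey to complete.

```cisco-ios
! Added example, constructed values. 192.0.2.1 = local outside address,
! 198.51.100.1 = remote peer (documentation ranges, placeholders).

! Outside ACL: permit the tunnel's own control and data traffic explicitly
! instead of "permit ip any any". IKE is UDP/500, NAT-T is UDP/4500,
! ESP is IP protocol 50.
access-list 101 permit udp host 198.51.100.1 host 192.0.2.1 eq isakmp
access-list 101 permit udp host 198.51.100.1 host 192.0.2.1 eq non500-isakmp
access-list 101 permit esp host 198.51.100.1 host 192.0.2.1

! Phase I (ISAKMP) SA lifetime in seconds. 86400 = 24 hrs.
crypto isakmp policy 10
 lifetime 86400

! Phase II (IPsec) SA lifetime in seconds, set globally.
crypto ipsec security-association lifetime seconds 3600

! Keepalive (dead peer detection): probe every 10 s, retry every 3 s.
crypto isakmp keepalive 10 3 periodic

! Idle timeout: tear down IPsec SAs that carry no traffic for 600 s.
crypto ipsec security-association idle-time 600

! Verification from exec mode:
!   show crypto isakmp policy   (configured Phase I lifetime)
!   show crypto isakmp sa       (Phase I SA state)
!   show crypto ipsec sa        (remaining key lifetime, packet error counters)
!   show access-lists 101       (hit counts on the IKE and ESP entries)
```

Comparing the timestamp of the %CRYPTO-4-RECVD_PKT_MAC_ERR message with the remaining key lifetime in `show crypto ipsec sa` shows whether the drop lines up with an SA expiry.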

