04-11-2007 04:58 AM - edited 02-21-2020 02:58 PM
I configured a router and had an outer security access-list put on an interface which denied certain criteria. This was put on after everything was checked during an on-site installation. Nearly 24 hrs later this error message came up as the monitoring software showed the VPN tunnel as down - Mar 31 14:02:53.572: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=10. He applied this line to my access-list "permit ip any any". Why did this happen and why after 24 hrs?
04-11-2007 04:32 PM
Check to make sure your key lifetime is for 24 hrs (86400). That could cause the tunnel to drop after 24 hrs.
04-12-2007 12:14 AM
By default, the IPSec tunnel lifetime is set to one day, 24 hrs (86400 sec). If no packet is transferred between peers during this period, the tunnel will automatically terminate. You may change this lifetime in the IPSec parameters.
Regards/Aman
04-12-2007 06:31 AM
A VPN tunnel has a definite Security Association lifetime. It can be different for Phase I and Phase II. Before the SA time expires, a new SA will get negotiated. But if you want to keep the tunnel "Always UP", monitor the tunnel end point, meaning the inside interface, through a management station. Otherwise you can use the keepalive setting.
Another option: set the idle timeout of the IPsec tunnel as you want.
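
The replies above point at the 86400-second lifetime. As an added example that is not part of the thread, this script checks whether logged MAC-verify errors fall near a multiple of that lifetime measured from when the SA came up. The SA establishment time, the one-hour window, the year and every log line other than the one quoted in the question are constructed assumptions.

```python
import re
from datetime import datetime

# Matches the IOS message quoted in the question.
MAC_ERR = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})(?:\.\d+)?: "
    r"%CRYPTO-4-RECVD_PKT_MAC_ERR: .*connection id=(?P<conn>\d+)"
)

def mac_errors_near_rekey(lines, sa_established, lifetime_s=86400,
                          window_s=3600, year=2007):
    """Return (timestamp, conn_id, seconds_from_expiry) for each MAC error
    logged within window_s of a multiple of the SA lifetime."""
    hits = []
    for line in lines:
        m = MAC_ERR.match(line.strip())
        if not m:
            continue
        # The log timestamp carries no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        elapsed = (ts - sa_established).total_seconds()
        if elapsed < 0:
            continue
        # Distance to the nearest lifetime boundary (1x, 2x, ... lifetime).
        n = max(1, round(elapsed / lifetime_s))
        offset = elapsed - n * lifetime_s
        if abs(offset) <= window_s:
            hits.append((ts, int(m["conn"]), int(offset)))
    return hits

# Constructed sample: only the second line is taken from the question.
SAMPLE_LOG = [
    "Mar 31 02:00:00.000: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=11",
    "Mar 31 14:02:53.572: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=10",
    "Mar 31 14:05:00.000: %SYS-5-CONFIG_I: Configured from console by console",
]
SA_UP = datetime(2007, 3, 30, 14, 30, 0)  # constructed establishment time

if __name__ == "__main__":
    for ts, conn, offset in mac_errors_near_rekey(SAMPLE_LOG, SA_UP):
        print(f"{ts} conn {conn}: {offset:+d}s from lifetime expiry")
```

A negative offset means the error was logged before the lifetime boundary, a positive one after it.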