VPN Issue btn Cisco Router and Windows 2003

Unanswered Question
Jun 3rd, 2007

Hi All,

We've setup a VPN tunnel with a partner through Internet (@Different Country with different Time Zone) using the following guidlines:


We are phasing the following "strange" problem... The tunnel comes up and works for 8-10 minutes. After that the windows server stops "decrypting" the packets that cisco sends (ESP packets get transmitted and received by the Windows 2003 server, confirmed with ethereal). Now, after 50-52 minutes (that is after 3600 seconds that the transform-set security association lifetime expires and SPI/SAs are re-negotiated) the tunnel works again and the story goes on forever (8-10 minutes works, 50-52 minutes does not work).

Any Ideas?

From Cisco Site, the configuration is as Follows.....


isakmp enable


crypto isakmp policy 1

encryption 3des

hash sha

group 2

authentication pre-share

lifetime 86400


crypto isakmp key peersharedkey! address <MY_Partner_IP>


crypto ipsec security-association lifetime seconds 3600


crypto ipsec transform-set PARTNERset esp-des esp-md5-hmac


crypto map PARTNER 1 ipsec-isakmp

set peer <MY_Partner_IP>

set transform-set PARTNERset

match address 115



interface Ethernet0/1

ip address <My_Public_IP>

crypto map PARTNER

!--- Source/Destination networks defined

access-list 115 permit ip


ip route <My_ISP_Gateway>

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pavlosd Sun, 06/17/2007 - 21:47

We did adjust MTU on Server and Interfaces to make it 1400 but still problem remains. The packets that the devices transmit are small ~350 bytes, so I do not think is an MTU issue.


This Discussion