06-03-2007 06:10 AM - edited 02-21-2020 03:05 PM
Hi All,
We've set up a VPN tunnel with a partner through the Internet (in a different country with a different time zone) using the following guidelines:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b12b5.shtml
We are facing the following "strange" problem... The tunnel comes up and works for 8-10 minutes. After that the Windows server stops "decrypting" the packets that Cisco sends (ESP packets get transmitted and received by the Windows 2003 server, confirmed with Ethereal). Now, after 50-52 minutes (that is, after the 3600 seconds at which the transform-set security association lifetime expires and SPI/SAs are re-negotiated) the tunnel works again and the story goes on forever (8-10 minutes it works, 50-52 minutes it does not work).
Any ideas?
From the Cisco site, the configuration is as follows...
!
isakmp enable
!
crypto isakmp policy 1
 encryption 3des
 hash sha
 group 2
 authentication pre-share
 lifetime 86400
!
crypto isakmp key peersharedkey! address <MY_Partner_IP>
!
crypto ipsec security-association lifetime seconds 3600
!
crypto ipsec transform-set PARTNERset esp-des esp-md5-hmac
!
crypto map PARTNER 1 ipsec-isakmp
 set peer <MY_Partner_IP>
 set transform-set PARTNERset
 match address 115
!
!
interface Ethernet0/1
 ip address <My_Public_IP> 255.255.255.248
 crypto map PARTNER
!--- Source/Destination networks defined
access-list 115 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 <My_ISP_Gateway>
06-08-2007 07:04 AM
Try this:
Adjust TCP MTU on the router.
06-17-2007 09:47 PM
We did adjust the MTU on the server and interfaces to make it 1400, but the problem still remains. The packets that the devices transmit are small, ~350 bytes, so I do not think it is an MTU issue.