06-03-2007 06:10 AM - edited 02-21-2020 03:05 PM
Hi All,
We've set up a VPN tunnel with a partner through the Internet (@Different Country with different Time Zone) using the following guidelines:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800b12b5.shtml
We are facing the following "strange" problem... The tunnel comes up and works for 8-10 minutes. After that, the Windows server stops "decrypting" the packets that the Cisco sends (ESP packets get transmitted and received by the Windows 2003 server, confirmed with Ethereal). Now, after 50-52 minutes (that is, after the 3600 seconds at which the transform-set security association lifetime expires and SPI/SAs are re-negotiated) the tunnel works again, and the story goes on forever (8-10 minutes it works, 50-52 minutes it does not work).
Any ideas?
From the Cisco site, the configuration is as follows:
!
isakmp enable
!
crypto isakmp policy 1
 encryption 3des
 hash sha
 group 2
 authentication pre-share
 lifetime 86400
!
crypto isakmp key peersharedkey! address <MY_Partner_IP>
!
crypto ipsec security-association lifetime seconds 3600
!
crypto ipsec transform-set PARTNERset esp-des esp-md5-hmac
!
crypto map PARTNER 1 ipsec-isakmp
 set peer <MY_Partner_IP>
 set transform-set PARTNERset
 match address 115
!
!
interface Ethernet0/1
 ip address <My_Public_IP> 255.255.255.248
 crypto map PARTNER
!--- Source/Destination networks defined
access-list 115 permit ip 192.168.1.0 0.0.0.255 10.10.10.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 <My_ISP_Gateway>
06-08-2007 07:04 AM
Try this:
Adjust TCP MTU on the router.
06-17-2007 09:47 PM
We did adjust the MTU on the server and interfaces to make it 1400, but the problem still remains. The packets that the devices transmit are small, ~350 bytes, so I do not think it is an MTU issue.