Site to Site VPN initial connection fails then works second time

ciscoacs
Level 1

I have set up a site-to-site VPN and during testing I am trying to telnet to a device at the other end of the VPN tunnel on port 80 to simulate web access. The tunnel initiates but no traffic is passed and the telnet times out. Once the tunnel is set up and I try again straight afterwards, I can connect successfully. It only seems to be the first connection that drops while the tunnel is forming. Can someone tell me what I have done wrong, please?

3 Replies

smahbub
Level 6

There might be many reasons that a VPN tunnel fails to come up on a router. However, one of the most common reasons is if a router is also configured for a VPN Client connection.

In order to resolve this issue, use the no-xauth keyword with the command crypto isakmp key if router-to-router IPsec is on the same crypto map as a VPN Client-to-Cisco-IOS IPsec. This keyword prevents the router from prompting the peer for Xauth information (username and password).

The site-to-site VPN has been set up between two firewalls. Would this cause the same issues as above?

It is quite normal for the first "interesting traffic" flow to time out whilst the VPN session is established.

Try using a ping to bring the tunnel up; you will see the first 1 or 2 pings time out and then succeed. If you try the telnet then it will work.
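
Added example, not part of the original thread: a small Python probe that repeats the same TCP connection the poster tested with telnet and classifies the result, so that loss confined to the first attempts (the tunnel still negotiating) can be told apart from a failure that persists. The function names, the outcome labels and the sample address 192.0.2.10 are assumptions made for this illustration.

```python
import socket
import time

def tcp_attempt(host, port, timeout):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # covers timeouts, resets and unreachable errors
        return False

def probe_tunnel(host, port, attempts=5, timeout=3.0, pause=1.0,
                 attempt_fn=tcp_attempt, sleep_fn=time.sleep):
    """Try the same TCP connection several times and record each outcome."""
    results = []
    for i in range(attempts):
        results.append(bool(attempt_fn(host, port, timeout)))
        if i < attempts - 1:
            sleep_fn(pause)
    return results

def classify(results):
    """Interpret the outcome pattern returned by probe_tunnel()."""
    if not results or not any(results):
        return "persistent-failure"   # tunnel or far-end service never answered
    first_ok = results.index(True)
    if not all(results[first_ok:]):
        return "intermittent"         # drops after the tunnel was already passing traffic
    if first_ok == 0:
        return "tunnel-already-up"    # no negotiation delay observed
    return "warm-up-loss"             # only the leading attempts were lost

if __name__ == "__main__":
    # Constructed sample target (documentation address); replace with the far-end host.
    outcome = probe_tunnel("192.0.2.10", 80)
    print(outcome, classify(outcome))
```

A "warm-up-loss" result matches the behaviour described in the last reply; "persistent-failure" or "intermittent" points to something other than tunnel setup delay.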