5505 to 5510 VPN dropping

Unanswered Question
Nov 7th, 2007

I have a pair of 5510's at the headend with a dynamic crypto map and a 5505 at the remote site with a static crypto map. The VPN is initate only from the 5505.

Problem: This vpn has been up and running for a few weeks with no apparent problem. Now today the customer reported that the VPN went down, yet the remote site still has IP connectivity to the headend peer. There is plenty of data at the remote site to initiate the VPN, but still no VPN. Finally the VPN came up after power cycling the 5505 a second time (user reported that they tried that before calling me). When I had them do it a second time we let it sit for close to a minute. Anyway, now 7 hours later the VPN has dropped again and still down. I tried clear the isakmp sa's at the headend and didn't help.

I know I haven't provided a lot of tech info with this post, but am posting in hopes that I'm not the first to experience this. Meanwhile I'll try to gather more info with the customer.

I have about 40 other remote 5505's configured the same way, that have been working fine for months.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
ivillegas Wed, 11/14/2007 - 13:04

One of the reasons coule be enabling the command http server enable with multiple hosts configured on the same interface. To workaroud this issue the http server enable command before the addition of any HTTP hosts. Alternatively, only configure one HTTP host per interface.


This Discussion