Tunnel breaks and takes longer time to come up

Unanswered Question
Dec 17th, 2007
User Badges:

We are having site-tosite tunnels configured.

Now from branches tunnels are terminating to Distribution router(NAP Router).From NAP router tunnel is terminated to core router.

Hence we have two tunnels...from branch to NAP and from NAP to Core.

Sometimes all branches tunnels are down and we need to clear crypto session on NAP as well as all branches.Sometimes we need to remove crypto and put it again

This takes a lot time.

What could be the reason.

Following is sample conf

crypto isakmp policy 200

encr 3des

authentication pre-share

crypto isakmp key TEST address A.A.A.A

crypto map XXX local-address Loopback1

crypto map XXX 100 ipsec-isakmp

set peer A.A.A.A

set security-association lifetime seconds 86400

set transform-set TEST

match address YYY

Is there we need to add?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion