We are having site-tosite tunnels configured.
Now from branches tunnels are terminating to Distribution router(NAP Router).From NAP router tunnel is terminated to core router.
Hence we have two tunnels...from branch to NAP and from NAP to Core.
Sometimes all branches tunnels are down and we need to clear crypto session on NAP as well as all branches.Sometimes we need to remove crypto and put it again
This takes a lot time.
What could be the reason.
Following is sample conf
crypto isakmp policy 200
crypto isakmp key TEST address A.A.A.A
crypto map XXX local-address Loopback1
crypto map XXX 100 ipsec-isakmp
set peer A.A.A.A
set security-association lifetime seconds 86400
set transform-set TEST
match address YYY
Is there we need to add?