route remain in the routing table after disconnect vpn client

Unanswered Question
Jun 4th, 2008
User Badges:

I have configured a 2811 with pppoe and fix ip address with adsl, the use it as easy vpn server and another 2811 configured as easy vpn client also use pppoe connect to random ip address adsl.

I just want to ask that why the route is remained after i disconnect remote easy vpn.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Sat, 06/07/2008 - 13:06
User Badges:
  • Red, 2250 points or more

Does it remain after you do:


clear crypto isakmp

clear crypto sa


Regards


Farrukh

netcraftjason Tue, 06/30/2009 - 03:49
User Badges:

I am facing the same issue for my easy vpn server and clients.


My Cisco 3825 has an easy vpn server configuration with an ip pool. When one of the client disconnects and his isakmp sa deleted by router itself. The route pointing to the ip pool's ip address is still in routing table!!! This time another vpn client connects and get the same ip pool's ip address. But, this new connected vpn client is located on another interface of the router. So, an extreme problem occur! A route pointing to 2 next hops is created! So bad!


Can another help me? How can I delete the bad route?


Thanks!

Jason Lam

Farrukh Haroon Tue, 06/30/2009 - 04:02
User Badges:
  • Red, 2250 points or more

Why don't you make two different pools for each interfaces?


Regards


Farrukh

netcraftjason Tue, 06/30/2009 - 17:16
User Badges:

Hi Farrukh,


Is it the only way to solve the problem by configuring a unit pool to each subnets?


Thanks!

Jason Lam

Farrukh Haroon Tue, 06/30/2009 - 21:29
User Badges:
  • Red, 2250 points or more

The IP POOL is local on the router?


Regards


Farrukh

Maxim Zimovets Tue, 06/30/2009 - 22:38
User Badges:

Hello all!


I have the same problem. My setup is like:

seriver is 3845 with 12.4(18e). It has pppoe interface with static ip address configured.

easyvpn remote routers (different IOS versions) connect to the server in network extension mode.


Roughly 3 weeks of server uptime I became to lose connection to my remote location. Then I discovered that I got double routes to some (not all) remote location.

clear crypto sa peer and clear crypto isakmp did not help me. I just had to reload my server.


Has anybody seen same behavior?


With best regards


netcraftjason Tue, 06/30/2009 - 22:40
User Badges:

Hi Farrukh,


Yes, the IP pool is located in my Cisco 3825 with version c3825-adventerprisek9-mz.124-16b.bin.


Best Regards,

Jason

Actions

This Discussion