I am facing the same issue for my easy vpn server and clients.

My Cisco 3825 has an easy vpn server configuration with an ip pool. When one of the client disconnects and his isakmp sa deleted by router itself. The route pointing to the ip pool's ip address is still in routing table!!! This time another vpn client connects and get the same ip pool's ip address. But, this new connected vpn client is located on another interface of the router. So, an extreme problem occur! A route pointing to 2 next hops is created! So bad!

Can another help me? How can I delete the bad route?

Thanks!

Jason Lam

Why don't you make two different pools for each interfaces?

Regards

Farrukh

Hi Farrukh,

Is it the only way to solve the problem by configuring a unit pool to each subnets?

Thanks!

Jason Lam

The IP POOL is local on the router?

Regards

Farrukh

Hello all!

I have the same problem. My setup is like:

seriver is 3845 with 12.4(18e). It has pppoe interface with static ip address configured.

easyvpn remote routers (different IOS versions) connect to the server in network extension mode.

Roughly 3 weeks of server uptime I became to lose connection to my remote location. Then I discovered that I got double routes to some (not all) remote location.

clear crypto sa peer and clear crypto isakmp did not help me. I just had to reload my server.

Has anybody seen same behavior?

With best regards

Hi Farrukh,

Yes, the IP pool is located in my Cisco 3825 with version c3825-adventerprisek9-mz.124-16b.bin.

Best Regards,

Jason

For static peers, I'm aware of a function called Invalid SPI Recovery, documented at:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_ispir.html

But it has a limitation:

"SPI recovery initiates a new IKE SA only for static peers. "

Regards

Farrukh