Crypto IPSEC tunnel issue

Unanswered Question
Jun 9th, 2008

We have one of the spoke sites which has a VPN connection to the Hub Site. It has a Crypto IPSEC tunnel configured. The problem is that when the internet connection goes down from the ISP side, and when it comes up, the IPSEC tunnel is not able to re-initiate automatically. We need to reboot the router and modem (provided by ISP). Then only it starts initiating a session with the remote peer. We have a DSL connection provided by the ISP. It goes down frequently and after coming up the VPN connection is not getting recovered. Is this issue related to any H/W model or IOS?

Farrukh Haroon Mon, 06/09/2008 - 06:07

You could try to enable 'crypto isakmp keepalives' and see if they help.


Regards


Farrukh

chinmay.talati Mon, 06/09/2008 - 08:09

Thanks Farrukh for the reply. We have already configured crypto isakmp keepalives 10. But it didn't solve our problem.

chinmay.talati Mon, 06/09/2008 - 21:39

Thanks Farrukh for your suggestion. I have enabled the Invalid SPI recovery feature on the crypto map but no luck. Any other suggestions please?

Farrukh Haroon Mon, 06/09/2008 - 21:43

Do you properly get the IP address on your dialer interface after the ISP connection comes back? Have you enabled SPI recovery and keepalives on both tunnel end-points?


Regards


Farrukh

chinmay.talati Mon, 06/09/2008 - 21:59

When the internet gets disconnected the IPSec SA status gets changed to MM_NO_STATES. It should change to QM_IDLE or active automatically when the internet recovers. But it is not getting changed. We need to reboot the router and then only it gets connected. I have configured keepalives on both the sites. I will enable SPI recovery on the hub site also and check and let you know. Thanks for the reply.
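
A way to detect the condition described in this thread, as an added example that is not part of any poster's message: the Python code below parses `show crypto isakmp sa` output collected on successive polls and reports peers that have had no live `QM_IDLE` SA for several polls in a row (IOS prints the stuck state as `MM_NO_STATE`). The sample outputs, the addresses, the polling threshold and the function names are constructed for illustration.

```python
import re

# One data row of `show crypto isakmp sa`: dst, src, state, conn-id, then the rest.
ROW = re.compile(
    r"^(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>[A-Z_]+)\s+(?P<conn_id>\d+)\b(?P<rest>.*)$"
)

def parse_isakmp_sa(text):
    """Return one dict per SA row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["deleted"] = "(deleted)" in row.pop("rest")
            rows.append(row)
    return rows

def has_live_sa(rows, peer):
    """True if the peer has a phase 1 SA in QM_IDLE that is not marked deleted."""
    return any(peer in (r["dst"], r["src"]) and r["state"] == "QM_IDLE"
               and not r["deleted"] for r in rows)

def stuck_peers(polls, expected_peers, threshold=3):
    """Map each peer to its count of trailing polls without a live SA,
    for peers where that count reaches `threshold` (polls are oldest first)."""
    stuck = {}
    for peer in expected_peers:
        misses = 0
        for text in reversed(polls):
            if has_live_sa(parse_isakmp_sa(text), peer):
                break
            misses += 1
        if misses >= threshold:
            stuck[peer] = misses
    return stuck

# Constructed sample outputs (documentation addresses, not taken from the thread).
HEADER = ("IPv4 Crypto ISAKMP SA\n"
          "dst             src             state          conn-id slot status\n")
UP_ROW = "192.0.2.1       198.51.100.7    QM_IDLE           1001    0 ACTIVE\n"
DOWN_ROW = "192.0.2.1       198.51.100.7    MM_NO_STATE          0    0 ACTIVE (deleted)\n"
UP, DOWN, REKEY = HEADER + UP_ROW, HEADER + DOWN_ROW, HEADER + UP_ROW + DOWN_ROW

if __name__ == "__main__":
    print(stuck_peers([UP, DOWN, DOWN, DOWN], ["192.0.2.1"]))
```

A stale `MM_NO_STATE (deleted)` row next to a live `QM_IDLE` row, as in `REKEY`, is not counted as an outage, and an empty SA table counts as a miss.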

Farrukh Haroon Mon, 06/09/2008 - 22:01

Also if possible try to upgrade the IOS to the latest version in that major release. What IOS are you running by the way? (On both sides)


Regards


Farrukh
