Always need to reboot router for ipsec tunnel to server

Unanswered Question
Oct 16th, 2008

I have one branch office. Desktop users connect to my office via an IPsec tunnel at my H.O. (main). Desktop users obtain an IP address via a DHCP server and they connect to all my other servers via the IPsec tunnel. But a few of my users get disconnected and they are not able to ping my server, i.e.:

DESKTOP_USER--BRANCH_ROUTER==IPSEC TUNNEL = HO-ROUTER-FIREWALL--DESKTOP_USERS.

Assume one user - gets connected via the IPsec tunnel and is able to ping the server, but after some time pinging the server stops. Then the user with ip will come to the router and will not be able to ping my server. We have to change the IP address and then try to ping; it works, but with the same IP it doesn't work. Alternatively, if we want to use that same IP, we have to reboot the router in order to get access to the server. As we have a firewall, the packet comes to the router interface, i.e. the one facing towards the internet, so we can't troubleshoot.

The only solution we have is to change the IP address or reboot the router.

cyberglobe Sat, 10/18/2008 - 11:57

Have you tried a different IOS version to see if it is experiencing the same problem?

Istvan_Rabai Sat, 10/18/2008 - 21:39

Hi Qureshi,

To be honest, I can't see the reason for such strange behavior of the IPSec tunnel.

I have one idea though that you can give a shot:

Can you configure "crypto isakmp keepalive 10" on both sides of the IPSec tunnel?

Let's see if this helps.



yahoo2006 Sun, 10/19/2008 - 07:05

In fact, I faced the same problem with two PCs in a customer LAN. The network was an ISDN connection to the ISP. When I pinged the Cisco ISDN router from those two PCs I got a timeout, but when I changed the IP of those PCs I got a reply from the router, so I formatted the two PCs and the problem was fixed. I think the problem is in the PC, not in the VPN configuration.

