Routes remain in routing table after vpn client disconnect

Answered Question
Jun 30th, 2009

I am facing this issue for my easy vpn server and clients.

My Cisco 3825 has an easy vpn server configuration with an ip pool. When one of the client disconnects and his isakmp and ipsec sa deleted by router itself. The route pointing to the ip pool's ip address is still in routing table!!! This time another vpn client connects and get the same ip pool's ip address. But, this new connected vpn client is located on another interface of the router. So, an extreme problem occur! A route pointing to 2 next hops is created! So bad!

Can another help me? How can I delete the bad route?

Thanks!

Jason Lam

I have this problem too.
0 votes
Correct Answer by auraza about 7 years 6 months ago

It may be worthwhile upgrading as there were numerous RRI issues in earlier versions of code with the routes not being deleted when the SA goes down, etc.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
auraza Tue, 06/30/2009 - 07:47

What version of IOS are you using? There are some problems with RRI, which is what I'm assuming you're using.

netcraftjason Tue, 06/30/2009 - 17:00

Hi Auraza,

Version is c3825-adventerprisek9-mz.124-16b.bin with AIM-VPN/EPII-PLUS.

Thanks!

Jason

Correct Answer
auraza Wed, 07/01/2009 - 09:43

It may be worthwhile upgrading as there were numerous RRI issues in earlier versions of code with the routes not being deleted when the SA goes down, etc.

netcraftjason Wed, 07/01/2009 - 16:20

Hi Auraza,

I have just upgraded the IOS to newest 12.4.25b. And monitoring the RRI currently.

Best Regards,

Jason

m-ketchum Thu, 07/02/2009 - 16:39

Any luck here? I'm having the same issue with a different IOS.

netcraftjason Thu, 07/02/2009 - 17:19

Yes, the router seems to be able to delete the route entries after the crypto IPSec SA deleted. My new version of IOS is the newest of 12.4--12.4.25a.

Best Regards

Jason

Actions

This Discussion