We have a 3845 router that peers 20 plus IPSEC VPN tunnels. One tunnel connects to a 3060 Concentrator. For some reason, the tunnel drops periodically.
We have this config on our side:
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto map VPN 30 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set security-association lifetime seconds 86400
set transform-set strong
set pfs group2
match address RemotePeer
reverse-route
We are using a PSK on the peers, and the concentrator has matching settings.
My question is could the drops be caused by the IPSEC timer being larger than the ISAKMP timer?
Any advise is greatly apprecitated.