VPN connection site to site

Unanswered Question
Sep 24th, 2009

Hello all,

We have two sites connected by a site-to-site VPN. Everything is OK except when the branch router reloads: the VPN connection does not come back up. We have to remove the crypto map from the main router and put it back on the interface in order to reconnect that branch.

Could you help us find what the problem is?

Attached you will find the router configuration and debug information.

Thanks in advance

slmansfield Thu, 09/24/2009 - 09:49

I would try to clear the ISAKMP and IPSEC connections to this remote site on the central site VPN router.

First check to see which connections belong to the specific remote site using the following commands:

router#show crypto isakmp sa

router#show crypto ipsec sa

The output of these commands will provide specific identifiers for you to use to selectively clear those ISAKMP and IPSEC connections to one remote site.

ISAKMP (Phase I)

router#clear crypto isakmp ?
  <0 - 32766>  connection id of SA

IPsec (Phase II)

router#clear crypto sa ?
  counters  Reset the SA counters
  map       Clear all SAs for a given crypto map
  peer      Clear all SAs for a given crypto peer
  spi       Clear SA by SPI

Here is the URL describing this and other common problems and how to troubleshoot them.
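
The selective-clear procedure in the reply above, as an added example that is not part of either post: a Python helper that reads `show crypto isakmp sa` output from the central router and builds the clear commands for one remote peer only. The sample output, addresses and connection ids are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `show crypto isakmp sa` output (documentation addresses).
SAMPLE_ISAKMP_SA = """\
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
192.0.2.1       198.51.100.20   QM_IDLE           1004 ACTIVE
192.0.2.1       203.0.113.7     QM_IDLE           1002 ACTIVE
192.0.2.1       198.51.100.20   MM_NO_STATE       1003 ACTIVE (deleted)
"""

# dst, src, state (upper case, so the header row never matches), conn-id, status
ROW = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z_]+)\s+(\d+)\s+(.*)$")


def parse_isakmp_sa(text):
    """Return one dict per SA row; headers and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        dst, src, state, conn_id, status = m.groups()
        try:
            ipaddress.ip_address(dst)
            ipaddress.ip_address(src)
        except ValueError:
            continue
        rows.append({"dst": dst, "src": src, "state": state,
                     "conn_id": int(conn_id), "status": status})
    return rows


def clear_commands(text, peer):
    """Build clear commands for a single peer, leaving other tunnels untouched."""
    peer = str(ipaddress.ip_address(peer))  # reject anything that is not an IP
    ids = sorted({r["conn_id"] for r in parse_isakmp_sa(text)
                  if peer in (r["src"], r["dst"])
                  and 0 <= r["conn_id"] <= 32766})  # range shown by the CLI help
    if not ids:
        return []  # nothing negotiated with this peer; nothing to clear
    cmds = [f"clear crypto isakmp {i}" for i in ids]   # Phase I, per connection id
    cmds.append(f"clear crypto sa peer {peer}")        # Phase II, per peer
    return cmds


if __name__ == "__main__":
    print("\n".join(clear_commands(SAMPLE_ISAKMP_SA, "198.51.100.20")))
```

A leftover entry such as the `MM_NO_STATE` row is included in the result, so both the stale and the current Phase I connection for that peer are cleared together.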



adriatikb Thu, 09/24/2009 - 22:48

Thank you for your response.

I have tried to clear the SA, but it didn't work.

What I found this morning, and what seems to be a solution, is the command:

crypto isakmp invalid-spi-recovery

I still don't understand why, but it is working after a restart?

Best regards


