VTI tunnels flapping

Unanswered Question
Jan 21st, 2010

Hi Folks

I have around 400 sites connected to Head office using IPsec tunnels (VTI tunnels).

Some of the sites have a particular issue.The tunnels go down and again come up after every hour or less.router logs as below

*********************************************************************************************

006136: Jan 18 10:14:21.338 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.2 (Tunnel2) is down: holding time expired
006137: Jan 18 10:14:21.510 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.1 (Tunnel1) is down: holding time expired
006138: Jan 18 10:14:23.474 central: %LINEPROTO-5-UPDOWN: Line protocol on Inter
face Tunnel1, changed state to down
006139: Jan 18 10:14:24.418 central: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd
IPSEC packet has invalid spi for destaddr=66.112.191.134, prot=50, spi=0xDDA6E79
8(3718703000), srcaddr=163.123.1.1
006140: Jan 18 10:14:25.974 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.2 (Tunnel2) is up: new adjacency
006141: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE
default policy was matched and is being used.
006142: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE
default policy was matched and is being used.
006143: Jan 18 10:14:39.554 central: %LINEPROTO-5-UPDOWN: Line protocol on Inter
face Tunnel1, changed state to up
006144: Jan 18 10:14:40.614 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.1 (Tunnel1) is up: new adjacency
***********************************************************************************************

I chased ISP and ensured the link is stable.Any solution please???

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion