site-2-site VPN goes down

Jan 25th, 2010

Hi,

We have configured Site-to-site VPN from 1841 to partner VPN head end device over internet. It works fine but suddenly the tunnel goes down for some unknown reason and comes up without changing any configuration. Internet link utilization is also well within limit.

We have configured crypto isakmp lifetime as 3600. Changing it to 600 will cause isakmp parameters to be refreshed every 10 minutes, will it help?

I didn't get a chance to see whether the crypto isakmp sa status is "QM_IDLE" or not.

Any experience with a VPN tunnel going down over the internet while all other internet activity is working normally?

Please share the experience.

Thanks in advance.

Subodh

aabhatia Mon, 01/25/2010 - 13:01

Please check if the crypto ACLs on both sites are mirror copies of each other.

Disable keepalives using the command:

config t

tunnel-group  ipsec-attributes 
isakmp keepalive disable

Check the output of the following when the tunnel goes down:
sh crypto isa sa
sh crypto ipsec sa

Also check the following debugs:

debug cry isa 255
debug cry ipsec 255
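
The mirror-image check suggested in the reply above, as an added example that is not part of the original post: it parses two crypto ACLs written in IOS extended-ACL syntax (wildcard masks, `host`, `any`) and reports entries whose swapped source/destination counterpart is missing on the peer. The ACL numbers, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample crypto ACLs (IOS extended ACL syntax, wildcard masks).
SITE_A = """
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 110 permit ip host 10.1.9.5 10.2.3.0 0.0.0.255
"""
SITE_B_GOOD = """
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 120 permit ip 10.2.3.0 0.0.0.255 host 10.1.9.5
"""
SITE_B_BAD = """
access-list 120 permit ip 10.2.2.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 120 permit ip 10.2.3.0 0.0.0.255 host 10.1.9.5
"""

def _take_net(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # Invert the wildcard into a netmask so 0.0.0.0 is never read as /0.
    netmask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(tokens.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{netmask}")

def parse_crypto_acl(text):
    """Return the set of (protocol, source, destination) permit entries."""
    entries = set()
    for line in text.splitlines():
        m = re.match(r"\s*access-list\s+\S+\s+permit\s+(\S+)\s+(.*)", line)
        if not m:
            continue
        tokens = m.group(2).split()
        src = _take_net(tokens)
        entries.add((m.group(1), src, _take_net(tokens)))
    return entries

def mirror_mismatches(local_text, remote_text):
    """Compare the remote ACL with the local ACL's source/destination swapped."""
    local, remote = parse_crypto_acl(local_text), parse_crypto_acl(remote_text)
    expected_remote = {(proto, dst, src) for proto, src, dst in local}
    return {"missing_on_remote": expected_remote - remote,
            "extra_on_remote": remote - expected_remote}
```

An empty result on both keys means the two ACLs describe the same traffic in opposite directions; any entry listed is a proxy-identity pair the peers do not agree on.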
bapatsubodh Tue, 01/26/2010 - 05:56

Hi,

Thanks AartiBhatia for your reply.

Router 1841 is not supporting the commands which you recommend. Any alternative commands?

Thanks

Subodh
