Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
450
Views
0
Helpful
2
Replies

site-2-site VPN goes down

bapatsubodh
Level 1
Level 1

ā€Ž01-25-2010 08:00 AM

Hi,

We have configured Site-to-site VPN from 1841 to partner  VPN head end device over internet. It works fine but suddenly tunnel goes down fro some unknown reason and comes up without changeing any configuration. Internet link utilization is also well within limit.

We have configured crypto isakmp lifetime as 3600.  Changeing it to 600 will cause isakmp parameters to be refreshed every 10 minutes, will it help?

I didnt get chance to see crypto isakmp sa status "QM_IDLE" or not.

Any experience for VPN tunnel going down over internet while all other internet activity is working normally.

Please share the experience.

Thanks in advance.

Subodh

Labels:
0 Helpful
2 Replies 2

aabhatia
Level 1
Level 1

ā€Ž01-25-2010 01:01 PM

plz check if the crypto acl on both sites are mirror copy of each other

disable keepalives using command

config t

tunnel-group  ipsec-attributes 
isakmp keepalive disable

check output of 
sh crypto isa sa
sh crypto ipsec sa when tunnel goes down
also check following debugs

debug cry isa 255
debug cry ipsec 255
0 Helpful

bapatsubodh
Level 1
Level 1
In response to aabhatia

ā€Ž01-26-2010 05:56 AM

Hi,

Thanks AartiBhatia for you reply.

Router 1841 is not supporting the commands which you recomend any alternative commands?

Thanks

Subodh

0 Helpful
Customers Also Viewed These Support Documents