Cisco 1841 IOS(Version 12.4(15)T5)

Unanswered Question
Feb 2nd, 2010

Hi,

I have a problem with IPsec tunnels on a Cisco 1841 series router. Tunnels go down and come up about one minute later. When I issue the shutdown/no shutdown command in interface mode, the tunnels are up immediately. There are 7 tunnels on this router. Are there any bugs with this IOS? The routing protocol is OSPF.

Richard Burts Tue, 02/02/2010 - 05:41

Murat

The most recent version of 12.4(15)T is 12.4(15)T12. Since you are running 12.4(15)T5 there have been 7 updates released for that version since yours. It is reasonable to assume that there were a number of bugs fixed in those 7 updates.

Is the tunnel down then up a problem on all of the tunnels or just some of them? Does the tunnel down then up problem continue to happen or is it just as you start the tunnels (are they stable once they get started or do they continue to flap)?

You do not provide much detail in your post and so it is hard for us to know whether there is a bug that causes your symptoms or whether it is something in the config. Perhaps you could supply more details?

HTH

Rick

m.turkkan Tue, 02/02/2010 - 07:04

Hi Rick,

We had this problem on all of the tunnels. They are not stable when they get started. The VPN configuration is:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp key .... address .....
!
!
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
!
crypto ipsec profile merkez
 set security-association lifetime seconds 86400
 set transform-set esp-3des-sha
 set pfs group2
!
interface Tunnel3
 description **Merkez**
 ip address 172.18.1.14 255.255.255.252
 ip tcp adjust-mss 1300
 ip ospf cost 1
 ip ospf mtu-ignore
 tunnel source Dialer1
 tunnel destination .....
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile merkez

Richard Burts Tue, 02/02/2010 - 09:32

Murat

Thank you for providing the additional details. I do not see any particular issues in the config parts that you posted.

Is it possible that the tunnels come down because of some loss of IP connectivity? If a tunnel goes down can you do an extended ping, with the destination being the tunnel destination and the source being Dialer1 (the tunnel source)?

Is it possible that the tunnel comes down when the IPSec (or ISAKMP) SA gets to its lifetime and needs to be renegotiated?

HTH

Rick
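
One way to check the lifetime question raised above against the router's logs, as an added example that is not part of the original thread: the script reads `%LINEPROTO-5-UPDOWN` messages for tunnel interfaces and compares each tunnel's uptime before a drop with the ISAKMP (28800 s) and IPsec (86400 s) lifetimes from the posted configuration. The log lines, the 120-second tolerance and the year are constructed assumptions, and line-protocol uptime is only a proxy for SA age.

```python
import re
from datetime import datetime

# Lifetimes (seconds) from the configuration posted in this thread.
LIFETIMES = {"isakmp": 28800, "ipsec": 86400}
TOLERANCE = 120   # assumed slack for rekey timing, in seconds
YEAR = 2010       # IOS log timestamps carry no year; assumed here

# Constructed sample log lines (not taken from the thread).
SAMPLE_LOG = """\
Feb  2 00:00:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel3, changed state to up
Feb  2 08:00:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel3, changed state to down
Feb  2 08:01:09: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel3, changed state to up
Feb  2 09:00:00: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel4, changed state to up
Feb  2 09:13:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel4, changed state to down
Feb  2 09:14:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel4, changed state to up
Feb  2 09:40:02: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel4, changed state to down
Feb  2 16:01:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel3, changed state to down
"""

LINE_RE = re.compile(
    r"^\*?(\w{3}\s+\d+\s+[\d:]+)(?:\.\d+)?:\s+%LINEPROTO-5-UPDOWN: Line protocol on "
    r"Interface (Tunnel\d+), changed state to (up|down)")

def parse_events(text):
    """Return {interface: [(timestamp, state), ...]} in log order."""
    events = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            stamp = " ".join(m.group(1).split())  # collapse the padded day field
            ts = datetime.strptime(f"{stamp} {YEAR}", "%b %d %H:%M:%S %Y")
            events.setdefault(m.group(2), []).append((ts, m.group(3)))
    return events

def classify_flaps(events):
    """For each down event, report prior uptime and the SA lifetime it matches, if any."""
    flaps = []
    for iface, evs in events.items():
        last_up = None
        for ts, state in evs:
            if state == "up":
                last_up = ts
            elif last_up is not None:
                uptime = int((ts - last_up).total_seconds())
                match = next((n for n, s in LIFETIMES.items()
                              if abs(uptime - s) <= TOLERANCE), None)
                flaps.append({"iface": iface, "down_at": ts, "uptime": uptime, "matches": match})
    return flaps
```

Drops that line up with a lifetime point toward renegotiation; drops at irregular, short uptimes (Tunnel4 in the sample) point toward the connectivity check on the tunnel source instead.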
