Cisco 1841 IOS(Version 12.4(15)T5)

Unanswered Question
Feb 2nd, 2010


I have a problem with ipsec tunnel on cisco 1841 series router. Tunnels down and up about one minuste later. When i make shutdown/no shutdown command in interface mode tunnels are up immedialtely. There are 7 tunnel in this router. Are there any bugs with this IOS? Routing protocol is OSPF.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Tue, 02/02/2010 - 05:41


The most recent version of 12.4(15)T is 12.4(15)T12. Since you are running 12.4(15)T5 there have been 7 updates released for that version since yours. It is reasonable to assume that there were a number of bugs fixed in those 7 updates.

Is the tunnel down then up a problem on all of the tunnels or just some of them? Does the tunnel down then up problem continue to happen or is it just as you start the tunnels (are they stable once they get started or do they continue to flap)?

You do not provide much detail in your post and so it is hard for us to know whether there is a bug that causes your symptoms or whether it is something in the config. Perhaps you could supply more details?



m.turkkan Tue, 02/02/2010 - 07:04

Hi Rick,

We had this problem all of the tunnels. They are not stable when they get started. Vpn configurasyon is;

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key .... address .....
crypto ipsec transform-set esp-3des-sha esp-3des esp-sha-hmac
crypto ipsec profile merkez
set security-association lifetime seconds 86400
set transform-set esp-3des-sha
set pfs group2
interface Tunnel3
description **Merkez**
ip address
ip tcp adjust-mss 1300
ip ospf cost 1
ip ospf mtu-ignore
tunnel source Dialer1
tunnel destination .....
tunnel mode ipsec ipv4
tunnel protection ipsec profile merkez

Richard Burts Tue, 02/02/2010 - 09:32


Thank you for providing the additional details. I do not see any particular issues in the config parts that you posted.

Is it possible that the tunnels come down because of some loss of IP connectivity? If a tunnel goes down can you do an extended ping, with the destination being the tunnel destination and the source being Dialer1 (the tunnel source)?

Is it possible that the tunnel comes down when the IPSec (or ISAKMP) SA gets to its lifetime and needs to be renegotiated?




This Discussion