Issues with static removing itself using RRI

Unanswered Question

Hi all,

I'm running into an issue where my headend vpn router is removing static on its own even though the ipsec tunnel is still up. It drops randomly (I have had it disappear in 15 mins or 4 hours later) and what's odd is that it will re-add the static on its own at random times (again like 15 mins after it drops or 4 hours after it drops, very random). Clearing the tunnel does not restore the static. Clearing the config and re-adding will however but obviously this is not a good solution. I can confirm the tunnel is still up but doing a show crypto ipsec sa and I see the tunnel is still there.

The design and config is pretty simple. One headend vpn router (3825 runnign 12.4 IOS) and one remote router (871 router) configured for lan to lan. The crypto map on the headend router is using reverse-route subcommand to inject statics when the tunnel is up.

Headend router

crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2 
lifetime 3600

crypto isakmp key SOMEKEY address 99.99.99.99

crypto isakmp keepalive 60 periodic

crypto ipsec transform-set Remote-Office-TS esp-aes 256 esp-sha-hmac
no crypto ipsec nat-transparency udp-encaps

crypto map WAN_VPN client configuration address respond

crypto map WAN_VPN 50 ipsec-isakmp
description REMOTE

set peer 99.99.99.99

set transform-set Remote-Office-TS

  match address 100

reverse-route

Any ideas?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Tue, 04/13/2010 - 04:39

Correct, even if the tunnel is down, it will always be there as it is taking the crypto ACL as the route to be redistributed.

Actions

This Discussion

Related Content