01-03-2007 10:24 PM - edited 03-03-2019 03:14 PM
We are running GRE over IPSEC between location A and B. It has been observed that after some time the tunnels go into a hang state and traffic does not pass through these tunnels.
It has been observed that the tunnels are shown as up at this time. After rebooting the router, the tunnels come out of the hang state and traffic continues to flow. Reinitialization of the tunnel is of no help.
The routers in question are Cisco 3825s, with location A running the c3825-advsecurityk9-mz.124-3e.bin IOS and location B running c3825-advsecurityk9-mz.124-3d.bin
01-04-2007 10:20 PM
You can try setting a keepalive on the tunnel interface. I have seen a similar problem on VTI interfaces.
02-05-2007 07:03 AM
It sounds like a problem we had on several VPN tunnels. The solution for us was to add
ip mtu 1400
ip tcp adjust-mss 1360
to the tunnel interface.
02-05-2007 07:33 AM
I have never experienced this with my configuration, in which I use the internet as the primary link using IP GRE over IPSEC and MPLS as the backup link using IP GRE over IPSEC.
The important configuration lines for the IP GRE interface are:
ip mtu 1500 << don't make this lower than 1500 or else you will have a DF problem.
keepalive 5 4 << this is important in a floating static route configuration.
However, I did experience a lot of problems with IPSEC alone, without IP GRE.
The important things to take note of in IPSEC are:
- RouterA and RouterB configurations should be symmetric.
- RouterA and RouterB should have the same IOS version up to the "letter".