Cisco Support Community
New Member

site to site issue

Hi All,

We have a site-to-site tunnel. Suddenly the tunnel got disconnected and we received an error such as

IKE Peer: 196.25.48.3
     Type    : L2L             Role    : responder
    Rekey   :  yes             State   :  MM_ACTIVE_REKEY
  

IKE Peer:  196.25.48.3
     Type    : L2L             Role    : responder
    Rekey   :  no              State   :  MM_REKEY_DONE_H2

And after some time the tunnel was up automatically. When we confirmed with the far-end network admin, no changes were made from their side. From our side no changes were made.

My question is: are there any other factors for the tunnel going down?

9 REPLIES

site to site issue

Should be related to the SA life cycle. Check both ends to see if there is a mismatch or a very short duration is configured.

New Member

site to site issue

Hi Ajay

Now the tunnel is displaying as

  IKE Peer: 196.25.48.3

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_ACTIVE

But the problem is we are not able to connect to some remote machine. As checked, phase I is up and we have allowed the IP range on the firewall, and there is no log when we executed the show connection command.

Can you please suggest some command to check where the problem is?

site to site issue

I would suggest the following:

1) Check all parameters; both ends should be the same for phase 1 and 2.

2) Check the PFS setting; if configured, it should be on both sides. It can also be tested by removing it on both ends.

3) Check the crypto ACL.

4) show ipsec sa to check if some traffic is going; it might be one way.

5) Finally, run the packet tracer command:

packet-tracer input inside 1024  80

It will show you what is happening in the packet flow.

Thanks

Ajay

New Member

site to site issue

Hi Ajay,

The problem: we are able to take remote of one machine but not able to take remote of any other machine in the same range.

When I executed the command show crypto ipsec sa, encrypted packets are increasing but decrypted packets remain the same.

Is the problem from the far end?

site to site issue

Yes, it might be that PFS is on at the other side. I would suggest taking a look at the remote.
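
The symptom discussed in this exchange (encrypted counters rising while decrypted counters stay flat) can be checked per SA by comparing two captures of show crypto ipsec sa. This is an added example, not part of the thread: the capture text, addresses and counters are constructed, and the helper names are hypothetical.

```python
import re

# Constructed text in the layout of ASA "show crypto ipsec sa" output.
# Addresses are documentation ranges; counters are invented for the example.
SA_BLOCK = """\
      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): ({remote}/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
      #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
"""

def snapshot(counters):
    """Build a constructed capture from {remote_net: (encrypt, decrypt)}."""
    return "".join(SA_BLOCK.format(remote=r, enc=e, dec=d)
                   for r, (e, d) in counters.items())

def parse_sas(text):
    """Return {(local_ident, remote_ident): {"encrypt": n, "decrypt": n}}."""
    sas, local, key = {}, None, None
    for line in text.splitlines():
        ident = re.search(r"(local|remote) ident .*?: \((\S+)\)", line)
        if ident and ident.group(1) == "local":
            local = ident.group(2)
        elif ident:
            key = (local, ident.group(2))
            sas[key] = {"encrypt": 0, "decrypt": 0}
        elif key is not None:
            for name, value in re.findall(r"#pkts (encrypt|decrypt): (\d+)", line):
                sas[key][name] = int(value)
    return sas

def one_way_sas(before, after):
    """SAs whose encrypt counter advanced while decrypt did not move."""
    flagged = []
    for key, new in after.items():
        old = before.get(key)
        if old is None or new["encrypt"] < old["encrypt"]:
            continue  # new SA or counters went backwards: no usable baseline
        if new["encrypt"] > old["encrypt"] and new["decrypt"] == old["decrypt"]:
            flagged.append(key)
    return flagged

if __name__ == "__main__":
    t0 = parse_sas(snapshot({"10.2.2.0": (120, 45), "10.3.3.0": (10, 9)}))
    t1 = parse_sas(snapshot({"10.2.2.0": (180, 45), "10.3.3.0": (25, 21)}))
    for local, remote in one_way_sas(t0, t1):
        print(f"one-way traffic: {local} -> {remote}")
```

An SA flagged here is sending traffic but receiving nothing back through the tunnel, which points the investigation at the remote peer's crypto ACL, PFS setting or return routing.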

New Member

site to site issue

Hi, please suggest on the above output.

site to site issue

Looks like it is dropped by the crypto ACL. Please paste the config; only then can I suggest something.

New Member

site to site issue

Hi Ajay,

Issue is solved, there is some problem from the far end.

Thanks

site to site issue

Great
