Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

The IPSec tunnel does not come UP for interesting traffic

Hi there,

We have the tunnel with one of our business partner. We have an 1841 router at ouor end and they have ASA at their end. The traffic does not come UP when they start the intresting traffic 'sometimes'. When it does not come UP even after the traffic form their side, we have to re-establish the tunnel by 'clear crypto isa sa XYZ'. We have some more such tunnels on this router and they do not have this problem.

Our ACL's match, and tunnel works fine if we let it re-negotiate it.

The router at our side has this logs every now and then, almost everyday atleast 3-4 times:

IP_VFR-4-FRAG_TABLE_OVERFLOW:

Has the tunnel not coming up to do something with this log. I have not tried to increase the default value of 'datagrams to reassemble' at the inteface to get rid of this log.

Thanks,

Gaurav

  • Firewalling
2 REPLIES

Re: The IPSec tunnel does not come UP for interesting traffic

Could you attach both configurations

Cisco Employee

Re: The IPSec tunnel does not come UP for interesting traffic

Hi

Diego is right, and also if you could attach the log from the firewall at the moment that the tunnel is torn down it would be great. I also have some other questions:

1-Are the tunnels for the other also ending in ASA firewalls?

2-Are they all running the same OS?

3-Are they all the same hardware?

4-How often the problems happens?

5-Is it reproducible?

Thanks.


Mike

Mike
348
Views
0
Helpful
2
Replies
This widget could not be displayed.