Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
177
Views
0
Helpful
1
Replies

Tunnel keepalives not working after upgrading 2821 to from 12.4 to 15.0

johnnylingo
Level 5
Level 5

‎07-10-2014 12:26 AM - edited ‎03-07-2019 08:00 PM

I have a pair of older 2821 routers doing site to site VPN termination.  They use HSRP on the external interface, with "tunnel source" mapping to the respective HSRP addresses.

Running 12.4(25)g, a tunnel with the source of an inactive HSRP address would show as "line up, line protocol down".  If the router went HSRP active, then the tunnel would change to "line up, line protocol up"

After upgrading to 15.0(1)M10, the tunnels always show up/up regardless of HSRP state.  I'm using OSPF to do the routing so OSPF will only come up if the HSRP state and tunnel source match, but this is really weird behavior to me.  In a different data center I have a pair of 2921s with similar configuration, and they are correctly marking tunnels up/down if not HSRP active

 

Any ideas on this one?

Labels:
0 Helpful
1 Reply 1

johnnylingo
Level 5
Level 5

‎07-10-2014 12:38 AM

Here's a sample of the configuration, since I'm sure I'll be asked:

Router 1 (HSRP active for 198.18.0.100)

interface GigabitEthernet0/0
 ip address 198.18.0.111 255.255.255.0
 duplex auto
 speed auto
 standby delay minimum 90
 standby 1 ip 198.18.0.100
 standby 1 priority 255
 standby 1 preempt
 standby 2 ip 198.18.0.200
 standby 2 priority 254
!
interface Tunnel100
 description Main Tunnel via 100Mb
 bandwidth 100000
 ip address 192.168.255.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf mtu-ignore
 load-interval 30
 keepalive 10 3
 tunnel source 198.18.0.100
 tunnel mode ipsec ipv4
 tunnel destination 1.2.3.4
 tunnel protection ipsec profile COMPAT
!
interface Tunnel200
 description Backup Tunnel via DSL
 bandwidth 6000
 ip address 192.168.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf mtu-ignore
 load-interval 30
 keepalive 10 3
 tunnel source 198.18.0.200
 tunnel mode ipsec ipv4
 tunnel destination 5.6.7.8
 tunnel protection ipsec profile COMPAT
!

Router 2 (HSRP active for 198.18.0.200)

interface GigabitEthernet0/0
 ip address 198.18.0.222 255.255.255.0
 duplex auto
 speed auto
 standby delay minimum 90
 standby 1 ip 198.18.0.100
 standby 1 priority 254
 standby 2 ip 198.18.0.200
 standby 2 priority 255
 standby 2 preempt
!
interface Tunnel100
 description Main Tunnel via 100Mb
 bandwidth 100000
 ip address 192.168.255.1 255.255.255.252
 ip ospf network point-to-point
 ip ospf mtu-ignore
 load-interval 30
 keepalive 10 3
 tunnel source 198.18.0.100
 tunnel mode ipsec ipv4
 tunnel destination 1.2.3.4
 tunnel protection ipsec profile COMPAT
!
interface Tunnel200
 description Backup Tunnel via DSL
 bandwidth 6000
 ip address 192.168.255.5 255.255.255.252
 ip ospf network point-to-point
 ip ospf mtu-ignore
 load-interval 30
 keepalive 10 3
 tunnel source 198.18.0.200
 tunnel mode ipsec ipv4
 tunnel destination 5.6.7.8
 tunnel protection ipsec profile COMPAT
!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card