cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
689
Views
0
Helpful
1
Replies

Cisco 871 - EZVPN - IPSEC/GRE Tunnels - tunnels dropping

anthonyhoar
Level 1
Level 1

After periods of inactivity the GRE Tunnels go down due to a holding time expiring.

I have a crypto keepalive set however the IPSEC tunnel and GRE tunnels go down.

I have several 1841s, 2811s, and 2821s running the same config as the 871s however the only way I can keep the 871's IPSEC/GRE tunnels running is with a keepalive on both sides of the GRE tunnel.

The log is as follows:

Oct 31 03:28:55 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx(Tunnel2) is down: Interface Goodbye received

Oct 31 03:28:55 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx (Tunnel1) is down: Interface Goodbye received

Oct 31 03:28:59 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx (Tunnel1) is up: new adjacency

Oct 31 03:28:59 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx (Tunnel2) is up: new adjacency

Oct 31 03:29:26 CST: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=xxxxxx Group=xxxxxx Client_public_addr=xxx.xxx.xxx.xxx Server_public_addr=xxx.xxx.xxx.xxx

Oct 31 03:29:36 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to down

Oct 31 03:29:36 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx (Tunnel2) is down: interface down

Oct 31 03:29:37 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) xxxx: Neighbor xxx.xxx.xxx.xxx (Tunnel1) is down: holding time expired

Oct 31 03:29:41 CST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

Has anyone encountered this? I am wondering if I am dealing with an IOS issue because the 871 is still on T-train code for 12.4. I am running 12.4.9T1

1 Reply 1
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: