Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Ipsec tunnel between 2 pixes, v7.0 and v6.3(4)

I have a functioning IPSec tunnel between two pixes. One is a 525 running 6.3(4) of the code, the other is a 515E running 7.0. The tunnel comes up OK, but if it drops because of a lack of interesting traffic, the tunnel will not come back up UNLESS new interesting traffic originates from the 515E (running 7.0). Interesting traffic from the 525 will NOT bring up the tunnel.

The config I used on both boxes is a standard script that I use all the time for setting up IPSec tunnels between pixes running v6.3(x). With those older IOS boxes the tunnel always works fine, and communication can be initiated from either side.

Is some default isakmp or ipsec setting in v7.0 different from v6.3? I notice that running "sh crypto isakmp sa" shows that the 515E's role is "initiator". Does that mean it MUST initiate the connection? Is there a way to make it both "initiator" and "responder"?


Re: Ipsec tunnel between 2 pixes, v7.0 and v6.3(4)

Try on 525 command

isakmp keepalive 10 2

CreatePlease to create content