Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISDN and Ike keep alives

Any one had trouble with above scenario?

I have set up a 1720 (with VPN module and isdn module) with IKE keep alives because the vpn terminates beyond the isdn termination.

The isdn address is negotiated and bound to a dialer interface

For testing I set the dialer list to ip any, so all worked well. Then I set the dialer list to list 101. This lists the ipsec protocol (esp) as interesting and IKE packets that have a source of 0.0.0.0

After a reload the router behaves as expected with the phase one exchange bringing up the line and then the isdn unbinding once real traffic stops.

The SA at the other end is deleted (no keep alives) and so we are set for the next time ;-) but there is no next time. The dialer neve sees another ike packet with a source of 0.0.0.0 unless the router reloads.

Any one seen similar?

reload in 25 years
2 REPLIES
Bronze

Re: ISDN and Ike keep alives

You might be running into bug id# CSCdt62295 or CSCdt92715. Since I have no idea which IOS you’re running, this is only a guess but I would check Bug Navigator or call the Cisco TAC to be sure.

New Member

Re: ISDN and Ike keep alives

Fast switching does not work with VPN. The first packet goes through the tunnel, then the preceeding packets go through the cache to verify the destination.

Depending on what versions of code you are running, remove fast switching from the lan and the wan interface, no ip route-cache, and no ip mroute-cache. If you don't see it in the interface, it is on by default.

Good luck,

Mike

236
Views
0
Helpful
2
Replies