12-05-2002 07:57 AM - edited 03-09-2019 01:17 AM
i have a vpn setup between a central site and a remote. it is a 3005 at the central site and a 806 at the remote running easy vpn client (pre-shared keys).
it has been up and worked fine for 2 weeks, no problems. the idle-timeout is set to 30 minutes. after everyone at the remote site goes home, the router idles out and dials back in and idles out and the concentrator log shows
PEER TERMINATE
Reason: Idled out
(0 Bytes transmitted, 0 recieved)
....ok not a big deal. but recently 2 days back to back, the router idles out around 2 AM and when it terminates the concentrator log shows PEER TERMINATE USER REQUESTED (0 Bytes transmitted, 0 recieved) not IDLED OUT. The connection always lasts for exactly 38 seconds. The next morning, the users cannot access the VPN or the Internet. I even set the idle timeout for 5 hours and around 2AM again the same thing happened. Once the router is rebooted, every thing is fine. Does anyone have any suggestions?
12-05-2002 08:26 AM
What version of IOS are you running? Concentrator code? You probably dont have to reboot, just clear the tunnels. "clear crypto sa" and "clear crypto isakmp" should allow the tunnels to be renegotiated. Which sounds like IOS isn't releasing its tunnels.
Kurtis Durrett
12-05-2002 02:28 PM
thanks for the reply
12.2(8) YM Early Deployment
i know ED's aren't always the most stable, it was the latest one with support for ezvpn. when arriving on site (in the morning when users arrive for work), a 'show crypto engine connections active' shows no tunnels. the connection also is not present in the concentrator (monitoring -> sessions). The service provider's routes are still in the routing table although in the morning before reboot, no one can access the Internet or VPN (tunnel everything).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide