Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
2
Replies

Need Advice. User requested peer terminate for router?

d-garnett
Level 3
Level 3

‎12-05-2002 07:57 AM - edited ‎03-09-2019 01:17 AM

i have a vpn setup between a central site and a remote. it is a 3005 at the central site and a 806 at the remote running easy vpn client (pre-shared keys).

it has been up and worked fine for 2 weeks, no problems. the idle-timeout is set to 30 minutes. after everyone at the remote site goes home, the router idles out and dials back in and idles out and the concentrator log shows

PEER TERMINATE

Reason: Idled out

(0 Bytes transmitted, 0 recieved)

....ok not a big deal. but recently 2 days back to back, the router idles out around 2 AM and when it terminates the concentrator log shows PEER TERMINATE USER REQUESTED (0 Bytes transmitted, 0 recieved) not IDLED OUT. The connection always lasts for exactly 38 seconds. The next morning, the users cannot access the VPN or the Internet. I even set the idle timeout for 5 hours and around 2AM again the same thing happened. Once the router is rebooted, every thing is fine. Does anyone have any suggestions?

Labels:
0 Helpful
2 Replies 2

kdurrett
Level 3
Level 3

‎12-05-2002 08:26 AM

What version of IOS are you running? Concentrator code? You probably dont have to reboot, just clear the tunnels. "clear crypto sa" and "clear crypto isakmp" should allow the tunnels to be renegotiated. Which sounds like IOS isn't releasing its tunnels.

Kurtis Durrett

0 Helpful

d-garnett
Level 3
Level 3
In response to kdurrett

‎12-05-2002 02:28 PM

thanks for the reply

12.2(8) YM Early Deployment

i know ED's aren't always the most stable, it was the latest one with support for ezvpn. when arriving on site (in the morning when users arrive for work), a 'show crypto engine connections active' shows no tunnels. the connection also is not present in the concentrator (monitoring -> sessions). The service provider's routes are still in the routing table although in the morning before reboot, no one can access the Internet or VPN (tunnel everything).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents