Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Need Advice. User requested peer terminate for router?

i have a vpn setup between a central site and a remote. it is a 3005 at the central site and a 806 at the remote running easy vpn client (pre-shared keys).

it has been up and worked fine for 2 weeks, no problems. the idle-timeout is set to 30 minutes. after everyone at the remote site goes home, the router idles out and dials back in and idles out and the concentrator log shows

PEER TERMINATE

Reason: Idled out

(0 Bytes transmitted, 0 recieved)

....ok not a big deal. but recently 2 days back to back, the router idles out around 2 AM and when it terminates the concentrator log shows PEER TERMINATE USER REQUESTED (0 Bytes transmitted, 0 recieved) not IDLED OUT. The connection always lasts for exactly 38 seconds. The next morning, the users cannot access the VPN or the Internet. I even set the idle timeout for 5 hours and around 2AM again the same thing happened. Once the router is rebooted, every thing is fine. Does anyone have any suggestions?

2 REPLIES
New Member

Re: Need Advice. User requested peer terminate for router?

What version of IOS are you running? Concentrator code? You probably dont have to reboot, just clear the tunnels. "clear crypto sa" and "clear crypto isakmp" should allow the tunnels to be renegotiated. Which sounds like IOS isn't releasing its tunnels.

Kurtis Durrett

New Member

Re: Need Advice. User requested peer terminate for router?

thanks for the reply

12.2(8) YM Early Deployment

i know ED's aren't always the most stable, it was the latest one with support for ezvpn. when arriving on site (in the morning when users arrive for work), a 'show crypto engine connections active' shows no tunnels. the connection also is not present in the concentrator (monitoring -> sessions). The service provider's routes are still in the routing table although in the morning before reboot, no one can access the Internet or VPN (tunnel everything).

224
Views
0
Helpful
2
Replies
CreatePlease login to create content