Cisco Support Community
New Member

route remain in the routing table after disconnect vpn client

I have configured a 2811 with PPPoE and a fixed IP address over ADSL, then use it as an Easy VPN server. Another 2811, configured as an Easy VPN client, also uses PPPoE to connect over ADSL with a random IP address.

I just want to ask why the route remains after I disconnect the remote Easy VPN.

8 REPLIES

Re: route remain in the routing table after disconnect vpn clien

Does it remain after you do:

clear crypto isakmp

clear crypto sa

Regards

Farrukh

New Member

Re: route remain in the routing table after disconnect vpn clien

I am facing the same issue with my Easy VPN server and clients.

My Cisco 3825 has an Easy VPN server configuration with an IP pool. When one of the clients disconnects and his ISAKMP SA is deleted by the router itself, the route pointing to the IP pool's IP address is still in the routing table!!! Then another VPN client connects and gets the same IP pool's IP address. But this newly connected VPN client is located on another interface of the router. So an extreme problem occurs! A route pointing to 2 next hops is created! So bad!

Can anyone help me? How can I delete the bad route?

Thanks!

Jason Lam

Re: route remain in the routing table after disconnect vpn clien

Why don't you make two different pools for each interface?

Regards

Farrukh

New Member

Re: route remain in the routing table after disconnect vpn clien

Hi Farrukh,

Is configuring a unique pool for each subnet the only way to solve the problem?

Thanks!

Jason Lam

Re: route remain in the routing table after disconnect vpn clien

The IP POOL is local on the router?

Regards

Farrukh

New Member

Re: route remain in the routing table after disconnect vpn clien

Hello all!

I have the same problem. My setup is like:

The server is a 3845 with 12.4(18e). It has a PPPoE interface with a static IP address configured.

Easy VPN remote routers (different IOS versions) connect to the server in network extension mode.

After roughly 3 weeks of server uptime I began to lose connection to my remote locations. Then I discovered that I had double routes to some (not all) remote locations.

clear crypto sa peer and clear crypto isakmp did not help me. I just had to reload my server.

Has anybody seen the same behavior?

With best regards

New Member

Re: route remain in the routing table after disconnect vpn clien

Hi Farrukh,

Yes, the IP pool is located in my Cisco 3825 with version c3825-adventerprisek9-mz.124-16b.bin.

Best Regards,

Jason

Re: route remain in the routing table after disconnect vpn clien

For static peers, I'm aware of a function called Invalid SPI Recovery, documented at:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_ispir.html

But it has a limitation:

"SPI recovery initiates a new IKE SA only for static peers. "

Regards

Farrukh
