Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

router to PIX isakmp/ipsec renewal issue

I used the almost same config as

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080094498.shtml

IOS router 12.0(7)T on 2621 (8MB flash)

PIX 515 6.2

the tunnel works fine during lifetime of 3600 seconds, then just after renegociation, it drops the connection.

the only way is to clear crypto sa on PIX and / or the router to re initialize the tunnel.

I tried PFS Y/N, I tried keepalive on both ends, always the same issue.

any idea?

2 REPLIES

Re: router to PIX isakmp/ipsec renewal issue

Hi I had similar issue ages ago but adding the below command on the router fixed teh issue

crypto isakmp keepalive 10

New Member

Re: router to PIX isakmp/ipsec renewal issue

I have these keepalive on the PIX and the router.

But it is isakmp keepalive.

I think the pb comes from the ipsec renewal since it appears at the end of the lifetime of ipsec, not isakmp

145
Views
0
Helpful
2
Replies
CreatePlease to create content