Hi. We are setting up a group of vpns between routers with cryptography enabled IOS.
Routers get conected with FR over ChannelB.
After the router is connected to the ISDN, it works fine. And if I type show crypto ipsec sa I have the expected sa. However if we telnet the router a time later (few hours or a day), the sa has dissapeared, there´s no even (deleted) state or MM_STATE it simply has gone. It is happening in some of this routers.
Perhaps if ISDN hangs maybe isakmp is not being renegotiated?? how can I know or test that?
Also if I type show crypto ipsec sa..there is something weird in the output, for each interface I find two outputs!
Dialer1:[...] #encrypt packets 32200
but some lines after that in the same output (not in another Interface I swear) appears
[...] #encrypt packets 0
A buggy version? but debug isakmp or debug isakmp don´t complain.
Please if you know how can I continue this troubleshooting it would be great.
Well, I think if your lifetimes expire and there is no interesting traffic, the tunnel may be torn down, depending on your configuration. Will the tunnel reestablish if you try to send traffic over it?
Also, as for the SAs, there should be two SAs per peer/interface, I believe inbound and outbound.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :