Cisco Support Community
Community Member

Strange VPN behaviour


I am experiencing a strange IPSec behavior between two LANs connected through a VPN.

The setup is as follows:

LAN1 ---Cisco 831---IPSec---Cisco PIX 525---(LAN2,LAN3,LAN4)

The problem is the following:

a) The ISAKMP SAs are configured for a lifetime of 24 hours. After the lifetime expires, the SAs are not renewed automatically. A reboot or an extended ping on the Cisco 831 will renew the SA.

b) For some strange reason the VPN is never brought up when initiated from LAN2, LAN3 or LAN4.

Can someone shed a light on where to look for possible causes?

The Cisco 831 has IOS 12.3(2)T and the PIX has ver 6.1.

Also the terminates many VPNs to other Cisco routers and PIX firewalls and everything works fine.



Re: Strange VPN behaviour

The renegotiation is automatic if interesting traffic is passing through. It is quite possible that traffic from LAN2, LAN3 and LAN4 is not configured as interesting. That would mean that even when the tunnel is up and running, traffic from these three LANs is passing through unencrypted. I guess you should have a good look at the access-lists that you have used to specify interesting traffic. Also, I could find only a single bug related to ISAKMP SA renegotiation, but in that case the router will reload. All the same, you could also refer to bug CSCea43713.
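
The reply above points at the access-lists that define interesting traffic. As an added example (not part of the thread and not Cisco code), this script checks whether the crypto ACL on the router and the one on the PIX are mirror images of each other. The subnets and ACL names are constructed, and only entries of the form `permit ip <addr> <mask> <addr> <mask>` are parsed.

```python
import ipaddress
import re

# Constructed sample configs: addresses and ACL names are assumptions,
# not values taken from the thread.
IOS_831 = """\
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
access-list 101 permit ip 10.1.0.0 0.0.0.255 10.3.0.0 0.0.0.255
"""
PIX_525 = """\
access-list vpn831 permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn831 permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn831 permit ip 10.4.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""

ACE = re.compile(
    r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def _net(addr, mask, wildcard):
    """Build a network from an address plus netmask (PIX) or wildcard (IOS)."""
    if wildcard:
        # IOS ACLs use inverse masks: flip the bits to get a netmask.
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.IPv4Address(inverted))
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_acl(config, name, wildcard):
    """Return the set of (source, destination) networks permitted by ACL `name`."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == name:
            pairs.add((_net(m.group(2), m.group(3), wildcard),
                       _net(m.group(4), m.group(5), wildcard)))
    return pairs

def mirror_gaps(ios_pairs, pix_pairs):
    """Compare the router ACL with the mirror image of the PIX ACL."""
    mirrored = {(dst, src) for src, dst in pix_pairs}
    return {"missing_on_router": sorted(mirrored - ios_pairs),
            "missing_on_pix": sorted(ios_pairs - mirrored)}

def check():
    return mirror_gaps(parse_acl(IOS_831, "101", True),
                       parse_acl(PIX_525, "vpn831", False))

if __name__ == "__main__":
    for side, gaps in check().items():
        for src, dst in gaps:
            print(f"{side}: {src} -> {dst}")
```

Any pair the script reports is a flow that one peer treats as interesting and the other does not, which is the kind of mismatch to look for when comparing the two devices' access-lists.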
