I set up a VPN between these two devices and it comes up OK, and stays up for a while... however, it just drops for no reason. And just the interface (Tunnel6) goes down, the actual crypto session stays up. All I have to do is a "clear crypto session" and it comes back up OK, but I was curious if any of you have seen this before. I have turned on crypto ipsec error debugging, but I don't really get anything useful back. I get this occasionally:
I'll check this out, but this is the error I get when the connection drops:
*Apr 2 09:02:54.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel6, changed state to down
At this point the actual crypto session stays up, the router just won't pass any traffic over the tunnel interface as it thinks it is down. Thanks for the link though, I'll let you know if it clears up the other error.
Thanks for the help, but that didn't seem to work. It is definitely more stable now, and I don't get the error about the replay window anymore. However, the interface will still just drop for no reason while the crypto session stays up. In order to get this to work, I had to assign an IP address to the tunnel interface even though it doesn't use it for anything. Is that causing problems?