Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN between Cisco 3660 and Linksys RV016

Hello,

I set up a VPN between these two devices and it comes up OK, and stays up for a while...however, it justs drops for no reason. And just the interface (Tunnel6) goes down, the actual crypto session stays up. All I have to do is a "clear crypto session" and it comes back up OK, but I was curious if any of you have seen this before. I have turned on crypto ipsec error debugging, but I don't really get anything useful back. I get this occasionaly:

*Apr 2 08:17:05.123: %CRYPTO-4-PKT_REPLAY_ERR: decrypt: replay check failed

connection id=17, sequence number=633

But when I get this the connection stays up. When it drops I just get the message that says interface Tunnel6 has changed state from up to down. Here is piece of my config for the VPN in question:

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 5

lifetime 3600

crypto isakmp key xxx address xx.xx.xxx.xxx no-xauth

crypto ipsec profile pro-link

set transform-set linksys

set pfs group5

interface Tunnel6

description VPN to Humphrey Terminal

ip address 10.10.61.2 255.255.255.0

keepalive 300 3

tunnel source FastEthernet0/0

tunnel destination xx.xx.xx.xx

tunnel mode ipsec ipv4

tunnel protection ipsec profile pro-link

!

ip route 192.168.210.0 255.255.255.0 Tunnel6

I can paste a screenshot of my linksys config too, if someone needs it. But I believe the trouble is on the cisco's end.

thanks!

3 REPLIES

Re: VPN between Cisco 3660 and Linksys RV016

New Member

Re: VPN between Cisco 3660 and Linksys RV016

Thanks,

I'll check this out, but this is the error I get when the connection drops:

*Apr 2 09:02:54.931: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel6, changed state to down

At this point the actual crypto session stays up, the router just won't pass any traffic over the tunnel interface as it thinks it is down. Thanks for the link though, I'll let you know if it clears up the other error.

New Member

Re: VPN between Cisco 3660 and Linksys RV016

Thanks for the help, but that didn't seem to work. It is definately more stable now, and I don't get the error about the replay window anymore. However the interface will still just drop for no reason while the crypto session stays up. In order to get this to work, I had to assign a ip address to the tunnel interface even though it doesn't use it for anything. Is that causing problems?

300
Views
0
Helpful
3
Replies