Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPN Issue btn Cisco Router and Windows 2003

Hi All,

We've setup a VPN tunnel with a partner through Internet (@Different Country with different Time Zone) using the following guidlines:

We are phasing the following "strange" problem... The tunnel comes up and works for 8-10 minutes. After that the windows server stops "decrypting" the packets that cisco sends (ESP packets get transmitted and received by the Windows 2003 server, confirmed with ethereal). Now, after 50-52 minutes (that is after 3600 seconds that the transform-set security association lifetime expires and SPI/SAs are re-negotiated) the tunnel works again and the story goes on forever (8-10 minutes works, 50-52 minutes does not work).

Any Ideas?

From Cisco Site, the configuration is as Follows.....


isakmp enable


crypto isakmp policy 1

encryption 3des

hash sha

group 2

authentication pre-share

lifetime 86400


crypto isakmp key peersharedkey! address <MY_Partner_IP>


crypto ipsec security-association lifetime seconds 3600


crypto ipsec transform-set PARTNERset esp-des esp-md5-hmac


crypto map PARTNER 1 ipsec-isakmp

set peer <MY_Partner_IP>

set transform-set PARTNERset

match address 115



interface Ethernet0/1

ip address <My_Public_IP>

crypto map PARTNER

!--- Source/Destination networks defined

access-list 115 permit ip


ip route <My_ISP_Gateway>


Re: VPN Issue btn Cisco Router and Windows 2003

Try this:

Adjust TCP MTU on the router.

Community Member

Re: VPN Issue btn Cisco Router and Windows 2003

We did adjust MTU on Server and Interfaces to make it 1400 but still problem remains. The packets that the devices transmit are small ~350 bytes, so I do not think is an MTU issue.

CreatePlease to create content