cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
323
Views
0
Helpful
3
Replies

VPN often hanging up

mauricioharley
Level 1
Level 1

Dear friends,

I have the following scenario:

2 site-to-site VPNs. The first one is established between a 2801 and a 1841, both using Advanced IP Services (versions right below). The second one is established between the same previous 2801 and a PIX 515E.

The VPN between the two routers is ok, but that one between the 2801 and the PIX is frequently hanging up. To put it up, I have to remove the crypto map from the router's outside interface and put it again.

What could be the cause of this??? These are the versions of softwares running on my boxes:

. 1841 -> Advanced IP Services - 12.4(9)T1

. 2801 -> Advanced IP Services - 12.4(9)T

. PIX 515E -> 7.0(2)

Regards!

3 Replies 3

Kamal Malhotra
Cisco Employee
Cisco Employee

Hi,

The problem that you are facing could be caused by the IPSEC SA lifetimes. The default SA lifetime on the router is 3600 seconds (1 hour) and the default IPSEC SA lifetime on the PIX is 28800 seconds (8 hours). So please make sure that they are the same on othe the boxes. To confirm you can use the following command on the router:

show crypto ipsec security-association lifetime

When you type 'sh run cry map' on the PIX and don't see any specific lifetime configured then it is indicative that we are using the default lifetime. You can either configure 28800 on the router for the specific tunnel under the crypto map or 3600 on the PIX for the specific tunnel under the crypto map.

HTH,

Please rate if it helps,

Regards,

Kamal

Kamal,

I configured this in my boxes and I'll wait until the end of today to see the results. I would answer you about the progress.

Thanks!

Hi, Kamal,

I did what you asked me. The VPN seemed to be ok during the weekend. However, the day (this monday) did't start so good. I had to remove and put the crypto map again.

Do you know any bug related to this particular version of IOS software running on 2801 (12.4(9)T)? Should I upgrade it?

Cheers,

Mauricio

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: