Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN often hanging up

Dear friends,

I have the following scenario:

2 site-to-site VPNs. The first one is established between a 2801 and a 1841, both using Advanced IP Services (versions right below). The second one is established between the same previous 2801 and a PIX 515E.

The VPN between the two routers is ok, but that one between the 2801 and the PIX is frequently hanging up. To put it up, I have to remove the crypto map from the router's outside interface and put it again.

What could be the cause of this??? These are the versions of softwares running on my boxes:

. 1841 -> Advanced IP Services - 12.4(9)T1

. 2801 -> Advanced IP Services - 12.4(9)T

. PIX 515E -> 7.0(2)

Regards!

3 REPLIES
Cisco Employee

Re: VPN often hanging up

Hi,

The problem that you are facing could be caused by the IPSEC SA lifetimes. The default SA lifetime on the router is 3600 seconds (1 hour) and the default IPSEC SA lifetime on the PIX is 28800 seconds (8 hours). So please make sure that they are the same on othe the boxes. To confirm you can use the following command on the router:

show crypto ipsec security-association lifetime

When you type 'sh run cry map' on the PIX and don't see any specific lifetime configured then it is indicative that we are using the default lifetime. You can either configure 28800 on the router for the specific tunnel under the crypto map or 3600 on the PIX for the specific tunnel under the crypto map.

HTH,

Please rate if it helps,

Regards,

Kamal

New Member

Re: VPN often hanging up

Kamal,

I configured this in my boxes and I'll wait until the end of today to see the results. I would answer you about the progress.

Thanks!

New Member

Re: VPN often hanging up

Hi, Kamal,

I did what you asked me. The VPN seemed to be ok during the weekend. However, the day (this monday) did't start so good. I had to remove and put the crypto map again.

Do you know any bug related to this particular version of IOS software running on 2801 (12.4(9)T)? Should I upgrade it?

Cheers,

Mauricio

89
Views
0
Helpful
3
Replies