vpn tunnel flaps

dondongamo
Level 1

Hi

Given below are debug results from a PIX 535 v7.0. We faced this flapping of the tunnel even though both ends match the policies. I tried clearing both SAs, yet the problem still persists. The strange thing is that commands like sysopt connection permit-ipsec and crypto map vpn interface int_admin are not showing in the show run crypto output even though both have already been given. By the way, with the old PIX 515 v6.3 we didn't face this issue.

Any idea? TIA

"Jan 01 22:15:38 [IKEv1]: QM IsRekeyed old sa not found by addr

Jan 01 22:15:38 [IKEv1]: QM FSM error (P2 struct &0x40ebf58, mess id 0x1bb690a7)!

Jan 01 22:15:38 [IKEv1]: Group = 172.17.24.1, IP = 172.17.24.1, Removing peer from correlator table failed, no match!..."

1 Reply

jackko
Level 7

Firstly, the sysopt is no longer shown with "sh run". You may do "sh run sysopt" instead.

Regarding the VPN issue, I was just wondering whether the issue occurred straight after the upgrade from 6.3 to 7.0 or not, and whether the code for the VPN has been modified manually. The reason being that the upgrade process is meant to auto-modify the code; however, it doesn't do well with VPN.

For further assistance, please post the entire config with the public IP masked.