Cisco Support Community
New Member

Why did vpn tunnel go down after 24hrs

I configured a router and had an outer security access-list put on an interface which denied certain criteria. This was put on after everything was checked during an on-site installation. Nearly 24 hrs later this error message came up as the monitoring software showed the VPN tunnel as down - Mar 31 14:02:53.572: %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=10. He applied this line to my access-list "permit ip any any". Why did this happen and why after 24 hrs?

3 REPLIES
New Member

Re: Why did vpn tunnel go down after 24hrs

Check to make sure your key lifetime is for 24hrs. (86400) That could cause the tunnel to drop after 24hrs.

New Member

Re: Why did vpn tunnel go down after 24hrs

By default, the IPSec tunnel lifetime is set to one day, 24 hrs (86400 sec). If no packets are transferred between peers during this period, the tunnel will automatically terminate. You may change this lifetime in the IPSec parameters.

Regards/Aman

New Member

Re: Why did vpn tunnel go down after 24hrs

A VPN tunnel has a definite Security Association lifetime. It can be different for Phase I and Phase II. Before the SA time expires, a new SA will get negotiated. But if you want to keep the tunnel "Always UP", monitor the tunnel end point, meaning the inside interface, through a management station. Or otherwise you can use the keepalive setting.

Another option: set the Idle Timeout of the IPsec tunnel as you want.
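The settings mentioned in the replies (Phase I and Phase II lifetimes, keepalives, idle timeout), together with a narrower alternative to "permit ip any any" on the outer access-list, are sketched below as an added IOS configuration example that is not part of the original thread. The peer addresses (documentation ranges), policy number, ACL name and interface name are placeholders, and the ACL entries assume the outer access-list was blocking SA renegotiation with the peer.

```cisco
! Constructed example: addresses, policy number, ACL and interface names are placeholders.
!
! Phase I (ISAKMP) SA lifetime, in seconds (86400 = 24 hrs)
crypto isakmp policy 10
 lifetime 86400
!
! Keepalives toward the peer: one every 10 s, retried every 3 s when unanswered
crypto isakmp keepalive 10 3
!
! Phase II (IPsec) SA lifetime and idle timeout, set globally, in seconds
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association idle-time 600
!
! Outer ACL: permit only what the tunnel needs from the remote peer
! (IKE on UDP 500, NAT-T on UDP 4500, ESP) so that SAs can be renegotiated
! when a lifetime expires, instead of opening the interface with "permit ip any any".
! Some IOS releases also apply this ACL to traffic after decryption; on those,
! the protected subnets need a permit entry as well.
ip access-list extended OUTSIDE-IN
 permit udp host 192.0.2.1 host 198.51.100.1 eq isakmp
 permit udp host 192.0.2.1 host 198.51.100.1 eq non500-isakmp
 permit esp host 192.0.2.1 host 198.51.100.1
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Check remaining lifetimes and ACL hit counters after a change:
!   show crypto isakmp sa detail
!   show crypto ipsec sa
!   show ip access-lists OUTSIDE-IN
```

Hits on the final deny entry around the time a lifetime expires would show the access-list dropping negotiation traffic from the peer.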
