01-21-2010 02:21 PM
Hi Folks
I have around 400 sites connected to Head office using IPsec tunnels (VTI tunnels).
Some of the sites have a particular issue. The tunnels go down and come up again every hour or less. Router logs are below:
*********************************************************************************************
006136: Jan 18 10:14:21.338 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighbor 172.21.5.2 (Tunnel2) is down: holding time expired
006137: Jan 18 10:14:21.510 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighbor 172.21.5.1 (Tunnel1) is down: holding time expired
006138: Jan 18 10:14:23.474 central: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
006139: Jan 18 10:14:24.418 central: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=66.112.191.134, prot=50, spi=0xDDA6E798(3718703000), srcaddr=163.123.1.1
006140: Jan 18 10:14:25.974 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighbor 172.21.5.2 (Tunnel2) is up: new adjacency
006141: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.
006142: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE default policy was matched and is being used.
006143: Jan 18 10:14:39.554 central: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
006144: Jan 18 10:14:40.614 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighbor 172.21.5.1 (Tunnel1) is up: new adjacency
***********************************************************************************************
I chased the ISP and ensured the link is stable. Any solution, please?