Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN issue between SRP 512W and ISR 1811

Hi, fellows,

I have some problems with making stable VPN between SRP512W and ISR1811.

    Configuration:

       - IKE policy - 3DES/SHA1 group2(1024bits)

       - crypto map on ISR1811

One of the main issues I've noted appears when SRP loose it's IP connectivity to remote router, even if this connectivity interruption lasts for only couple of seconds. When the IP connectivity is restored SRP is unable to re-establish the IPSec session. There is connect/disconnect option in SRP menu (Status -> VPN Status -> Connect/Disconnect) and automatic VPN disable (VPN -> Site-to-Site VPN -> IKE policy -> Enable Dead Peer Detection) yet I couldn't found any option for nor automatic mechanism for VPN reconnection when the IP connectivity is reestablished. This issue lead to interruption of Site-to-Site VPN service when there is some short outages within the ISP network.

Another issue is building GRE tunnels between the same devices. Can you verify my configuration? Belive it or not - I spent more than 4-5 hours and couldn't do it.

    ISR:

     interface Tunnel1

      ip address <Tunnel IP Address / NetMask>

      tunnel source <ISR IP Address>

      tunnel destination <SRP Address>

      tunnel mode gre ip

    SRP:

     VPN -> GRE Tunnel -> Tunnel 1; WAN interface, destination IP, remote ip address/network /the tunnel seems up, but there are no IP connectivity and traffic flow

Should I make some additional settings/configurations ?

1 REPLY
Cisco Employee

VPN issue between SRP 512W and ISR 1811

Hi,

Could you please let us know which firmware you are using? 

For GRE, I've used the following IOS before:

interface Tunnel0

  ip unnumbered FastEthernet0/1

  tunnel source FastEthernet0/1

  tunnel destination

!

interface FastEthernet0/1

  ip address dhcp

  duplex auto

  speed auto

!

! Route to SRP remote subnet.

ip route 192.168.150.0 255.255.255.0 Tu0

!

SRP config is probably what you have: All defaults, Destination IP = IOS WAN, Remote IP = IOS LAN subnet.

See for more details.

Hope that helps.

Andy

621
Views
0
Helpful
1
Replies
CreatePlease to create content