I have a hub-spoke topology with GRE tunnels using OSPF. There are two tunnels each associated to their own physical interface on each router. All the connectivty is fine. However, this design is a redundant design so I am testing the failure of the links (physical interfaces as well as the tunnels). When I "shutdown" the Tunnel0 or Tunnel1 interface the traffic is reestablished over the other physical/logical route and pings continue. When I "no shutdown" the interface everything returns back to normal. So far so good....now when I physically remove the cable from the hub router interface FA0/0 or FA0/1 the tunnel will NOT failover to the active interface..AND when I reconnect the cable the tunnel cannot re-establish. I get the "crypto-4-recvd_pkt_inv_spi" error. When I issue the "clear crytpo session" on the hub or spoke the tunnel comes back up. I have tried the "crytpo isakmp invalid-spi-recovery" command but it does not change the results.
I am running version 12.4(13r)T on all routers.
Any ideas on what I can try to make this work if I physically lose a port or connection?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...