Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ipsec tunnel doesn rebuilds automatically after power cycle of spoke router

Hi all

Iam using IPSEC over GRE with virtual tunnel interface. Whenever I reboot the spoke router the isakmp phase 1 comes up and iam able to see qm_idle. But the interestring stops passing, in otherwords ipsec is not coming up and until i do clear isakmp from the hub router the remote site is isolated from the enterprise network.

 

Iam attahing the config for your review

 

Does anyone face the same problem can help me out resolve the problem

 

 

 

 

 

1 REPLY

Re: ipsec tunnel doesn rebuilds automatically after power cycle

Two most common solutions for this problem you have implemented already (IKE DPD and SPI Recovery). I guess as a temporary workaround you could reduce the Security Association IDLE/Absolute timers to see if this can help clear your SAs automatically (without requiring manual intervention from your side). Of course this would require more resources on the routers, but consider this as a band-aid solution.

Also your efforts in taking time out to sanitize the configurations are really commendable, but you did leave back a lot of 'critical' information. Please keep that in mind in future.

Regards

Farrukh

124
Views
0
Helpful
1
Replies
CreatePlease to create content