ipsec tunnel doesn rebuilds automatically after power cycle of spoke router
Iam using IPSEC over GRE with virtual tunnel interface. Whenever I reboot the spoke router the isakmp phase 1 comes up and iam able to see qm_idle. But the interestring stops passing, in otherwords ipsec is not coming up and until i do clear isakmp from the hub router the remote site is isolated from the enterprise network.
Iam attahing the config for your review
Does anyone face the same problem can help me out resolve the problem
Re: ipsec tunnel doesn rebuilds automatically after power cycle
Two most common solutions for this problem you have implemented already (IKE DPD and SPI Recovery). I guess as a temporary workaround you could reduce the Security Association IDLE/Absolute timers to see if this can help clear your SAs automatically (without requiring manual intervention from your side). Of course this would require more resources on the routers, but consider this as a band-aid solution.
Also your efforts in taking time out to sanitize the configurations are really commendable, but you did leave back a lot of 'critical' information. Please keep that in mind in future.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...