And similar on the other side. It all works great, once the tunnel is up and running. However if I don't send any data from the 192.168.1 network to the 1.1.1 network for a while (5-10 minutes?), it seems to drop the tunnel, and the first request I make fails (I guess because the tunnel is establishing). Subsequent requests work fine again, but the first one always fails.
Is there any way to (preferably) make the first request succeed? Or if not, how to make the tunnel not drop after a certain time has passed? I have tried:
Jul 19 12:50:48.145: ISAKMP:(0:6:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
... every few minutes. It doesn't seem to be regular: 12:50:48, 12:53:00, 13:04:04, 13:07:36... even though the keepalive is set to 10 seconds. Not sure why that is.
When it "drops", there's no logging and when it reestablishes there's nothing either. Which seems to suggest it's not actually dropping... but when I remove the IPSec tunnel, I don't get the problem. So it must be something to do with it.
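Added example (not part of the thread): a small Python script that measures the spacing between ISAKMP debug lines like the one quoted above and lists every gap longer than the configured keepalive interval. The sample lines are constructed from the four timestamps in the post; the millisecond values after the first line, the year, and the function name are assumptions.

```python
import re
from datetime import datetime

# Timestamp, SA identifier and message of an IOS "debug crypto isakmp" line,
# in the format of the single line quoted in the post.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)\.\d+: ISAKMP:\(([^)]*)\):(.*)$")

# Constructed sample: the four times from the post, same message on each line.
MSG = "ISAKMP:(0:6:SW:1):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE"
SAMPLE = [
    f"Jul 19 12:50:48.145: {MSG}",
    f"Jul 19 12:53:00.000: {MSG}",
    f"Jul 19 13:04:04.000: {MSG}",
    f"Jul 19 13:07:36.000: {MSG}",
    "Jul 19 13:07:40.000: %SYS-5-CONFIG_I: unrelated line, ignored",
]

def isakmp_gaps(lines, expected_s, year=2000):
    """Return (previous, current, gap_seconds) for consecutive ISAKMP lines of
    the same SA that are more than expected_s seconds apart.
    IOS debug timestamps carry no year, so one is assumed."""
    last_seen = {}
    gaps = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an ISAKMP debug line
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        sa = m.group(2)
        prev = last_seen.get(sa)
        if prev is not None:
            gap = int((ts - prev).total_seconds())
            if gap > expected_s:
                gaps.append((prev.strftime("%H:%M:%S"), ts.strftime("%H:%M:%S"), gap))
        last_seen[sa] = ts
    return gaps

if __name__ == "__main__":
    # Keepalive interval from the post: 10 seconds.
    for prev, cur, gap in isakmp_gaps(SAMPLE, expected_s=10):
        print(f"{prev} -> {cur}: {gap}s between ISAKMP events (expected <= 10s)")
```

Running the same function over debug output captured on both peers shows whether the gaps line up with the idle periods after which the first packets fail.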
On either of the routers, do you have any previous VPN configured, either L2L or remote VPN? If yes, please can you copy the crypto map commands and paste them so we can see?
What is your routing to the destination like?
I recently faced such an issue, related to the first question I asked. I had an L2L and a remote VPN configured on an ASA; those were working perfectly fine, no issues whatsoever. This happened last Friday and Saturday!
I configured the third L2L VPN with ASA3. All my configs were fine and all that... but the tunnel kept dropping after a while and it goes into different mode states, showing MM_Active, MM_WAIT_MSG 2-6. Mine did pass traffic for a while but stopped.
The problem was that I placed the crypto map for the ASA3 connection at the bottom... Crypto maps work just like your ACL! Your router would treat it just the same way! If your L2L is very important then move it, I mean the crypto map statement, above any other you have.
Also you have to look at the routing for your network just so you make sure all the packets get to the destination as expected.
The debugs on the other side look the same. There's nothing apart from R_U_THERE messages.
On one of the other routers there is a VPN to another company, this one seems to remain up and has R_U_THERE packets every 20 seconds without fail. I don't understand why I am not getting keepalives on this connection every 20 seconds? Config:
crypto map MyCryptoMap 5 ipsec-isakmp
set peer XXX.xXX.XXX.XXX
set transform-set PTransformSet
set pfs group2
match address CryptoP
It's exactly the same as our tunnel but with different IPs and password.
Both sites have public internet connections. With the VPN up, I get 100% packet transfer, but if I don't send any data for 5-10 minutes, the first few packets I send fail. Without the VPN tunnel I get 100% packet transfer - even if I leave it idle the first packets succeed.