IPsec VPN 20% Packet Loss

muehlhan-ag
Level 1

Hello all,

I have a problem with my IPsec VPN between a Cisco 1841 and an OpenBSD server.

Since today 4:00 am the VPN has had about 20% packet loss and all communication between these sites is blocked.

Before this it worked for about 2 years without problems and we changed nothing on either side.

The normal traffic which does not go through is working fine.

I think the problem has to be at the Cisco, because all other sites connecting to the OpenBSD server are working fine, too.

The Cisco is configured like this:

crypto isakmp policy 2
 encr aes
 authentication pre-share
crypto isakmp key xyzxyzxyz address 123.456.789.1 no-xauth
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel_Holding
 set peer 123.456.789.1
 set transform-set ESP-AES-SHA ESP-3DES-SHA ESP-3DES-SHA1
 match address 104
!
crypto map SDM_CMAP_2 1 ipsec-isakmp
 description Tunnel to123.456.789.1
 set peer 123.456.789.1
 set transform-set ESP-3DES-SHA2
 match address 102
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 11.22.33.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_OUTSIDE$$ETH-LAN$
 ip address 44.55.66.2 255.255.255.0
 ip access-group sdm_fastethernet0/1_in in
 no ip redirects
 no ip proxy-arp
 ip mtu 1390
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
 crypto map SDM_CMAP_2
!
ip classless
ip route 0.0.0.0 0.0.0.0 44.55.66.254 permanent

Is there someone who could help me????

Best Regards

Dominik
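
An added example, not part of the original post or of any Cisco tooling: a small Python audit of the crypto lines in the configuration above, reporting which crypto map is actually bound to an interface and which transform sets it can offer. The function name `audit` and the re-indented `CONFIG` excerpt are assumptions made for the example.

```python
import re
# Constructed sample: crypto lines of the posted config, IOS sub-command indentation restored.
CONFIG = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto map SDM_CMAP_1 1 ipsec-isakmp
 set peer 123.456.789.1
 set transform-set ESP-AES-SHA ESP-3DES-SHA ESP-3DES-SHA1
crypto map SDM_CMAP_2 1 ipsec-isakmp
 set peer 123.456.789.1
 set transform-set ESP-3DES-SHA2
interface FastEthernet0/0
interface FastEthernet0/1
 crypto map SDM_CMAP_2
"""

def audit(config):
    """Map each interface to the transform sets its crypto map offers."""
    tsets, maps, bound, section = {}, {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if not raw[0].isspace():  # top-level command: starts a new section
            section = None
            if m := re.match(r"crypto ipsec transform-set (\S+) (.+)", line):
                tsets[m[1]] = tuple(m[2].split())
            elif m := re.match(r"crypto map (\S+) \d+ ipsec-isakmp", line):
                section = ("map", m[1])
                maps.setdefault(m[1], [])
            elif m := re.match(r"interface (\S+)", line):
                section = ("if", m[1])
        elif section and section[0] == "map" and line.startswith("set transform-set "):
            maps[section[1]] += line.split()[2:]
        elif section and section[0] == "if" and (m := re.match(r"crypto map (\S+)$", line)):
            bound[section[1]] = m[1]
    groups = {}
    for name, transforms in tsets.items():  # group sets with identical transforms
        groups.setdefault(transforms, []).append(name)
    return {
        "effective": {i: [(t, tsets.get(t)) for t in maps.get(c, [])] for i, c in bound.items()},
        "unbound_maps": sorted(set(maps) - set(bound.values())),
        "duplicate_sets": [g for g in groups.values() if len(g) > 1],
    }

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the posted excerpt this shows that only SDM_CMAP_2 is applied (on FastEthernet0/1), so the tunnel can only negotiate ESP-3DES-SHA2, while SDM_CMAP_1 and its AES transform set are not applied to any interface shown. It also shows that three of the four transform sets are identical.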

1 Accepted Solution

Michael Muenz
Level 5

Can you turn on debugging and check the logs please?

Because of the early time this happens, I'd say it's hardware (flash, AIM module, CPU?) or the carrier/uplink.

Michael

Please rate all helpful posts


Hi,

The problem disappeared just as suddenly as it appeared, overnight. I am confused.

I suppose that the problem was caused by the ISP.

Dominik