I've been having some issues with my 2801 VPN router lately.
It appears to just not being able to create new (or re-new?) SAs for new or existing tunnels.
Looking at some debug output, gives me something that i have not seen before on this device (or any other):
Jul 12 10:24:33.573 METDST: crypto_engine_ipsec_key_create_by_keys: no available flows Jul 12 10:24:33.573 METDST: ISAKMP:(0:1679:SW:1):error from epa_ikmp_gen_ipsec(1) (QM_IDLE ) -Traceback= 0x615F7BA0 0x615E3974 0x61607AD8 0x6187E7D0 0x6160842C 0x615D38CC 0x615DE060 0x615D8DD4 Jul 12 10:24:33.577 METDST: ISAKMP:(0:1679:SW:1):gen IPsec SA in slot 17 failed! Jul 12 10:24:33.577 METDST: ISAKMP:(0:1679:SW:1):Unable to generate IPsec key for -2103449435!
Of course there are lots of other messages, but these stand out as someone i have not seen before. Especially the "Traceback" part troubles me.
This router, running Cisco IOS Software, 2801 Software (C2801-ADVSECURITYK9-M), Version 12.4(10), RELEASE SOFTWARE (fc1), have around 90 configured tunnels, with around 40 or so "active" at anyone time.
Could i be hitting a hardware limit or similar?
I have not been able to google my way to anything, bot am hoping that some of you may be able to show me the path.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...