Cisco Support Community
Community Member

Routes remain in routing table after vpn client disconnect

I am facing this issue for my easy vpn server and clients.

My Cisco 3825 has an Easy VPN server configuration with an IP pool. When one of the clients disconnects, his ISAKMP and IPsec SAs are deleted by the router itself. The route pointing to the IP pool's IP address is still in the routing table!!! This time another VPN client connects and gets the same IP pool's IP address. But this newly connected VPN client is located on another interface of the router. So an extreme problem occurs! A route pointing to 2 next hops is created! So bad!

Can anyone help me? How can I delete the bad route?

Thanks!

Jason Lam

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Routes remain in routing table after vpn client disconnect

It may be worthwhile upgrading as there were numerous RRI issues in earlier versions of code with the routes not being deleted when the SA goes down, etc.

6 REPLIES
Cisco Employee

Re: Routes remain in routing table after vpn client disconnect

What version of IOS are you using? There are some problems with RRI, which is what I'm assuming you're using.

Community Member

Re: Routes remain in routing table after vpn client disconnect

Hi Auraza,

Version is c3825-adventerprisek9-mz.124-16b.bin with AIM-VPN/EPII-PLUS.

Thanks!

Jason

Community Member

Re: Routes remain in routing table after vpn client disconnect

Hi Auraza,

I have just upgraded the IOS to the newest 12.4.25b and am monitoring the RRI currently.

Best Regards,

Jason

Community Member

Re: Routes remain in routing table after vpn client disconnect

Any luck here? I'm having the same issue with a different IOS.

Community Member

Re: Routes remain in routing table after vpn client disconnect

Yes, the router seems to be able to delete the route entries after the crypto IPSec SA is deleted. My new version of IOS is the newest of 12.4: 12.4.25a.

Best Regards

Jason
