
VPN 3k tunnels die if concentrator loses network connectivity

bwindle
Level 1

I have a VPN 3030 Concentrator running 4.0.5 (it will be upgraded to 4.1 this weekend) and several 501/506e PIXes running 6.3.4 in a hub-n-spoke config. The concentrator is connected to a switch, which connects to our Internet gateway router. If the switch is rebooted or the Concentrator is unplugged from the switch for a few seconds, all IPSec/LAN-to-LAN 3DES-168 tunnels from our remote PIXes enter a zombie state; the tunnels show as up on the concentrator, but no traffic flows. If I "logout" the remote IPsec tunnels, the tunnels won't come back up. I have to reboot the Concentrator, and then the tunnels come up again. Is this a bug or a feature?

3 Replies

jackko
Level 7

"isakmp keepalive" may resolve this issue.

for cvpn 3030,

go to configuration > user management > groups > ipsec; the third option is "ike keepalives"

for pix,

issue the command "isakmp keepalive "

Yes, thank you!!! I'm not sure why the person who set this up would have made keepalives (and idle time set to 0), but that fixed it. Thank you!!

it's good to learn that your issue has been resolved.
