Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN 3k tunnels die if concentrator loses network connectivity

I have a VPN 3030 Concentrator running 4.0.5 (It will be upgraded to 4.1 this weekend) and several 501/506e PIXes running 6.3.4 in a hub-n-spoke config. The concentrator is connected to a switch, which connects to our Internet gateway router. If the switch is rebooted or the Concentrator is unplugged from the switch for a few seconds, all IPSec/LAN-to-LAN 3DES-168 tunnels from our remote PIXs enter a zombie state; the tunnels show as up on the concentrator, but no traffic flows. If I "logout" the remote IPsec tunnels, the tunnels won't come back up. I have to reboot the Concentrator, and then the tunnels come up again. Is this a bug or a feature?

3 REPLIES
Gold

Re: VPN 3k tunnels die if concentrator loses network connectivit

"isakmp keepalive" may resolve this issue.

for cvpn 3030,

go configuration > user management > groups > ipsec, the third option is "ike keepalives"

for pix,

issue the command "isakmp keepalive "

New Member

Re: VPN 3k tunnels die if concentrator loses network connectivit

Yes, thank you!!! I'm not sure why the person who set this up would have made keepalives (and idle time set to 0), but that fixed it. Thank you!!

Gold

Re: VPN 3k tunnels die if concentrator loses network connectivit

it's good to learn that your issue has been resolved.

according to cisco,

Why should I rate posts?

If you see a post that you think deserves recognition, please take a moment to rate it.

You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.

143
Views
0
Helpful
3
Replies
CreatePlease to create content