Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
213
Views
0
Helpful
1
Replies

VPN between Cisco 7200 and F5 Not Stable

hp.nokianoc
Level 1
Level 1

‎06-10-2014 09:17 PM

Hello,

I require some feedback and comments for an Site to Site VPN tunnel between Cisco 7200 and F5 which is not stable

 

The Phase 1 and Phase 2 are matching but the VPN tunnel goes down.

 

dst             src             state          conn-id slot status
x.x.x.x    x.x.x.x   QM_IDLE          16388    0 ACTIVE

 

Crypto Map "NSNRAS" 1242 ipsec-isakmp
        Description: ** to Customer **
        Peer = x.x.x.x
        ISAKMP Profile: mbnl
        Extended IP access list cry-acl-mbnl
            access-list cry-acl-mbnl permit ip x.x.x.x 0.0.0.31 host 172.16.4.97
        Current peer: x.x.x.x
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): Y
        DH group:  group2
        Transform sets={ 
                NSNRAS-3DES-SHA, 
        }

 

Labels:
0 Helpful
1 Reply 1

Abhishek Purohit
Level 1
Level 1

‎09-08-2014 11:35 PM

Hi,

 

Enable the debugs for the tunnel and check the reason for the tunnel flap.

 

Make sure that the SA timers are same for both the ends.

 

Regards,

Abhishek

CCIES-35269

Regards, Abhishek Purohit CCIE-S- 35269
0 Helpful
Customers Also Viewed These Support Documents