Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN between Cisco 7200 and F5 Not Stable

Hello,

I require some feedback and comments for an Site to Site VPN tunnel between Cisco 7200 and F5 which is not stable

 

The Phase 1 and Phase 2 are matching but the VPN tunnel goes down.

 

dst             src             state          conn-id slot status
x.x.x.x    x.x.x.x   QM_IDLE          16388    0 ACTIVE

 

Crypto Map "NSNRAS" 1242 ipsec-isakmp
        Description: ** to Customer **
        Peer = x.x.x.x
        ISAKMP Profile: mbnl
        Extended IP access list cry-acl-mbnl
            access-list cry-acl-mbnl permit ip x.x.x.x 0.0.0.31 host 172.16.4.97
        Current peer: x.x.x.x
        Security association lifetime: 4608000 kilobytes/3600 seconds
        PFS (Y/N): Y
        DH group:  group2
        Transform sets={ 
                NSNRAS-3DES-SHA, 
        }

 

1 REPLY
New Member

Hi, Enable the debugs for the

Hi,

 

Enable the debugs for the tunnel and check the reason for the tunnel flap.

 

Make sure that the SA timers are same for both the ends.

 

Regards,

Abhishek

CCIES-35269

Regards, Abhishek Purohit CCIE-S- 35269
50
Views
0
Helpful
1
Replies