Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VTI tunnels flapping

Hi Folks

I have around 400 sites connected to Head office using IPsec tunnels (VTI tunnels).

Some of the sites have a particular issue.The tunnels go down and again come up after every hour or less.router logs as below

*********************************************************************************************

006136: Jan 18 10:14:21.338 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.2 (Tunnel2) is down: holding time expired
006137: Jan 18 10:14:21.510 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.1 (Tunnel1) is down: holding time expired
006138: Jan 18 10:14:23.474 central: %LINEPROTO-5-UPDOWN: Line protocol on Inter
face Tunnel1, changed state to down
006139: Jan 18 10:14:24.418 central: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd
IPSEC packet has invalid spi for destaddr=66.112.191.134, prot=50, spi=0xDDA6E79
8(3718703000), srcaddr=163.123.1.1
006140: Jan 18 10:14:25.974 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.2 (Tunnel2) is up: new adjacency
006141: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE
default policy was matched and is being used.
006142: Jan 18 10:14:27.934 central: %CRYPTO-4-IKE_DEFAULT_POLICY_ACCEPTED: IKE
default policy was matched and is being used.
006143: Jan 18 10:14:39.554 central: %LINEPROTO-5-UPDOWN: Line protocol on Inter
face Tunnel1, changed state to up
006144: Jan 18 10:14:40.614 central: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 7665: Neighb
or 172.21.5.1 (Tunnel1) is up: new adjacency
***********************************************************************************************

I chased ISP and ensured the link is stable.Any solution please???

374
Views
0
Helpful
0
Replies