Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Always need to reboot router for ipsec tunnel to server

I am having one branch office. Desktop users connect my office via Ipsec tunnel at my H.O(main).Desktop(Users) obtain ip address via DHCP server & they connect to all my other server via ipsec tunnel. But few of my user gets disconnected & they are not able to ping to my server.i.e

DESKTOP_USER--BRANCH_ROUTER==IPSEC TUNNEL = HO-ROUTER-FIREWALL--DESKTOP_USERS. Assume one user -192.168.0.12 gets connected, via ipsec tunnel & able to ping server,but after some time pinging to server stops. Then the user with 192.168.0.12 ip will come to router & will not be able to ping to mu server. We have to change the ip address & then try to ping it works, but with same ip 192.168.0.12 it doesnt work. Alternately if we want to use that same ip 192.168.0.12, we have to reboot router in order to get access to server.As we are having fire wall, packet comes to router interface i.e facing towards internet,so we cant troubleshoot.

Only solution we have, we have to change Ip address or we need to reboot the Router.

3 REPLIES
New Member

Re: Always need to reboot router for ipsec tunnel to server

Have you tried a different IOS version to see if it is experiencing the same problem?

Re: Always need to reboot router for ipsec tunnel to server

Hi Qureshi,

To be honest, I can't see the reason for such a strange behavior of IPSec tunnel.

I have one idea though that you can give a shot:

Can you configure "crypto isakmp keepalive 10" on both sides of the IPSec tunnel.

Let's see if this helps.

Thanks:

Istvan

New Member

Re: Always need to reboot router for ipsec tunnel to server

In fact, I faced same problem with two PCs in customer LAN, the network was ISDN connection to ISP, When I pinged the CISCO ISDN router from that two PCs I got time out but when I changed the ip of that PCs I got reply from router so I formate the two PCs and the problem fixed, I think the problem in the PC not in VPN configuration

215
Views
0
Helpful
3
Replies