
VPN with GRE on 1841

stuartharvey
Level 1

We have a client that has 3 x 1841-SEC-K9's, all have the revision 12.4.9 advanced IP Services image. We run a fully meshed static VPN which is implemented over GRE tunnelling using EIGRP routing. 2 of the sites use a 2MB SDSL connection and both of these sites also have remote clients that use Cisco VPN client s/w to connect in securely. The 3rd site uses 2 x 2MB SDSL connections as it is the main site. The static VPN's to the 2 sites are each pointed down its own 2MB SDSL. One of these is the default gateway. This has worked fine for the best part of 8 months. Our client then decided that they wanted the same remote VPN client access at the main site, as they have at the other 2 sites. We added the config for this and it worked fine. Then the client complained of slower connectivity over the VPN's. On investigation we found that the VPN that runs on the default gateway (dialer1) was showing "down-negotiating". The site at the other end was showing "up-Idle"??? Connectivity was simply being made between the sites due to the fact that we use EIGRP routing and the 3 sites are fully meshed. Consequently traffic for both VPN's are going out of Dialer 2 (which is not the default gateway).

We have spent a fair bit of time looking into this and in the end we re-installed a replacement router with just the static VPN config. This worked perfectly well. I then went in and added the client remote VPN part of the config and this proved to be working too. I got the client to use this method of connection and using the "sh crypto session" command could see both the static VPN's on Dialer's 1 (DG) and 2 and the VPN client connected on Dialer1.

I remotely checked this and all stayed up and working for about 3 days. Then the Static VPN out of dialer1 again showed "Down-negotiating" while the opposing end says "up-Idle". I cannot understand why this works perfectly and stably for 3 days then just stops working. If I reboot both the routers they come up in the same state. I am assuming that there is not a hardware issue as the kit is otherwise working, and not a config issue as this works fine for 3 days!

Do you know what the problem is and how we can fix it?

Any help or advice you could give to help us resolve this would be very much appreciated. If you require any configuration information etc. just let me know and I can send it to you.

Kind regards

1 Reply

stuartharvey
Level 1

I have fixed this myself!

Found an error in the config where we were missing the "no-xauth" off of the end of the crypto key statements.
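
A check for the misconfiguration named in the reply above, as an added example that is not part of the original thread: it scans an IOS configuration for `crypto isakmp key` statements that lack `no-xauth` while a crypto map has client authentication (Xauth) enabled for remote VPN clients. The sample configuration, peer addresses, key strings and the names `VPNMAP`, `USERAUTH`, `GROUPAUTH`, `REMOTE-USERS` and `VPNPOOL` are constructed; `audit_xauth` is a hypothetical helper.

```python
import re

# Constructed sample configuration (documentation-range addresses, dummy keys).
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key EXAMPLEKEY1 address 192.0.2.10
crypto isakmp key EXAMPLEKEY2 address 198.51.100.20 no-xauth
crypto isakmp client configuration group REMOTE-USERS
 key EXAMPLEKEY3
 pool VPNPOOL
crypto map VPNMAP client authentication list USERAUTH
crypto map VPNMAP isakmp authorization list GROUPAUTH
crypto map VPNMAP client configuration address respond
crypto map VPNMAP 10 ipsec-isakmp
 set peer 192.0.2.10
"""

# Site-to-site pre-shared key statement; the key string is matched but never reported.
KEY_RE = re.compile(
    r"^crypto isakmp key (?:[06] )?\S+ (?:address|hostname) (?P<peer>\S+)(?P<rest>.*)$")
# Xauth for remote clients is switched on per crypto map with this statement.
XAUTH_RE = re.compile(r"^crypto map (?P<name>\S+) client authentication list \S+")

def audit_xauth(config: str) -> dict:
    """Return Xauth-enabled crypto maps and static peers whose key lacks no-xauth."""
    xauth_maps, missing = [], []
    for raw in config.splitlines():
        line = raw.rstrip()
        m = XAUTH_RE.match(line)
        if m:
            xauth_maps.append(m.group("name"))
            continue
        m = KEY_RE.match(line)
        if m and "no-xauth" not in m.group("rest").split():
            missing.append(m.group("peer"))
    # A missing no-xauth only matters when some crypto map asks peers for Xauth.
    return {"xauth_maps": xauth_maps,
            "peers_missing_no_xauth": missing if xauth_maps else []}

if __name__ == "__main__":
    result = audit_xauth(SAMPLE_CONFIG)
    for peer in result["peers_missing_no_xauth"]:
        print(f"{peer}: key lacks no-xauth while Xauth is enabled on {result['xauth_maps']}")
```

The check only reads global `crypto isakmp key` lines; keys defined inside keyrings or ISAKMP profiles are outside what it inspects.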
