PIXD to PIX Fully Meshed VPN fails to reestablish VPN after one side reboots

Discussion in 'Cisco' started by Gary, Oct 19, 2003.

  1. Gary

    Gary Guest

    When we lose one side of the VPN, i.e. a router reboot or PIX reboot etc.,
    we have to clear the crypto/sa on the other side of the VPN for the VPN to
    re-initiate. Is there some way for this to be automatic? Or the ends timed
    out after say 10 seconds of no link etc.?

    Gary
    Gary, Oct 19, 2003
    #1

  2. In article <Toxkb.90278$AH4.39586@lakeread06>,
    Gary <> wrote:
    :When we lose one side of the VPN, i.e. a router reboot or PIX reboot etc.,
    :we have to clear the crypto/sa on the other side of the VPN for the VPN to
    :re-initiate. Is there some way for this to be automatic? Or the ends timed
    :out after say 10 seconds of no link etc.?

    I've never seen that behaviour myself. Cisco indicates something
    like that can happen with a VPN5000 but not with IOS or a VPN3000
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080093f6c.shtml

    What PIX release are you using? You might need PIX 5.2 or
    later for IKE keepalives. See the PIX 'isakmp keepalive' command,
    which isn't documented until 6.0(1) but the 5.2 and 5.3 release notes
    mention it [in different contexts.]
    --
    I wrote a hack in microcode,
    with a goto on each line,
    it runs as fast as Superman,
    but not quite every time! -- Dave Touretzky and Don Libes
    Walter Roberson, Oct 19, 2003
    #2

  3. Rik Bain

    Rik Bain Guest

    On Sun, 19 Oct 2003 20:41:57 +0600, Gary wrote:

    > When we lose one side of the VPN, i.e. a router reboot or PIX reboot
    > etc., we have to clear the crypto/sa on the other side of the VPN for the
    > VPN to re-initiate. Is there some way for this to be automatic? Or the
    > ends timed out after say 10 seconds of no link etc.?
    >
    > Gary


    "debug cry isa" would help determine the cause, but chances are "isa keep
    30" might help.

    Rik
    Rik Bain, Oct 20, 2003
    #3
