PIXD to PIX Fully Meshed VPN fails to reestablish VPN after one side reboots

Discussion in 'Cisco' started by Gary, Oct 19, 2003.

  1. Gary

    Gary Guest

    When we lose one side of the VPN, i.e. a router reboot or PIX reboot etc. etc.,
    we have to clear the crypto/sa on the other side of the VPN for the VPN to
    re-initiate. Is there some way for this to be automatic? Or the ends timed
    out after say 10 seconds of no link etc.

    Gary
     
    Gary, Oct 19, 2003
    #1

  2. :When we lose one side of the VPN, i.e. a router reboot or PIX reboot etc. etc.,
    :we have to clear the crypto/sa on the other side of the VPN for the VPN to
    :re-initiate. Is there some way for this to be automatic? Or the ends timed
    :out after say 10 seconds of no link etc.

    I've never seen that behaviour myself. Cisco indicates something
    like that can happen with a VPN5000 but not with IOS or a VPN3000
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080093f6c.shtml

    What PIX release are you using? You might need PIX 5.2 or
    later for IKE keepalives. See the PIX 'isakmp keepalive' command,
    which isn't documented until 6.0(1) but the 5.2 and 5.3 release notes
    mention it [in different contexts.]
     
    Walter Roberson, Oct 19, 2003
    #2

  3. Gary

    Rik Bain Guest

    "debug cry isa" would help determine the cause, but chances are "isa keep
    30" might help.

    Rik
     
    Rik Bain, Oct 20, 2003
    #3