Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1271
Views
0
Helpful
2
Replies

IPsec Tunnel unstable

engineer_msu
Level 1
Level 1

‎03-19-2015 01:29 AM - edited ‎03-11-2019 10:39 PM

Dear Experts,

I am facing an issue with IPsec Tunnel. the tunnel is unstable.

 

We have Cisco ASA at HO and Cisco Router at Remote Branch.

from HO we have 5 tunnels, all are stable, only one tunnel is unstable. it is establishing and then disconnecting. Please let me know what shall I check at remote end as every thing seems to be fine with ASA.

 

the MM_WAIT message keep on changing and the status becoming MM_ACTIVE, then after 1 minute the tunnel is going down. Then again the same cycle is repeated.

 

Please help to understand the issue.

2 people had this problem
Labels:
0 Helpful
2 Replies 2

jj27
Spotlight
Spotlight

‎03-19-2015 07:10 AM

Are you ever able to have the tunnel up for a long amount of time and are you able to pass any traffic at all across the tunnel? If not, to me that suggests that phase 1 is completing, but your phase 2 is mismatched.  If you do show crypto ipsec sa peer x.x.x.x where x.x.x.x is the peer IP address, do you see any SAs listed when the tunnel is in MM_ACTIVE state?

0 Helpful

engineer_msu
Level 1
Level 1
In response to jj27

‎03-19-2015 10:58 AM

The tunnel was up and it was working perfectly. The problem started just two days back. We didnt made any change either in firewall or router. This problem started autometically. Even now when the tunnel is showing as active, we are able to ping the remote lan but its becoming active just for 1 min then going down again.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card