11-18-2011 02:31 AM - edited 03-12-2019 06:02 PM
Hi All,
We have a site-to-site tunnel. Suddenly the tunnel got disconnected and we received errors such as:
IKE Peer: 196.25.48.3
     Type    : L2L             Role    : responder 
    Rekey   :  yes             State   :  MM_ACTIVE_REKEY
   
 IKE Peer:  196.25.48.3
     Type    : L2L             Role    : responder 
    Rekey   :  no              State   :  MM_REKEY_DONE_H2
And after some time the tunnel came up automatically. When we confirmed with the far-end network admin, no changes were made from their side. From our side no changes were made.
My question is: are there any other factors that could be the reason for the tunnel going down?
11-18-2011 05:22 AM
It should be related to the SA life cycle. Check both ends for whether there is a mismatch or a very short duration is configured.
11-18-2011 05:36 AM
Hi Ajay
Now the tunnel is displaying as
IKE Peer: 196.25.48.3
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
But the problem is we are not able to connect to some remote machines. As checked, phase I is up and we have allowed the IP range on the firewall, and there is no log when we executed the show connection command.
Can you please suggest some commands to check where the problem is?
11-18-2011 05:42 AM
I would suggest the following:
1) Check all parameters; both ends should be the same for phase 1 and 2.
2) Check the PFS setting; if configured, it should be on both sides. It can also be tested by removing it on both ends.
3) Check the crypto ACL.
4) Run show ipsec sa to check whether traffic is flowing; it might be one way.
5) Finally, run the packet tracer command:
packet-tracer input inside 
It will show you what is happening in the packet flow.
Thanks
Ajay
11-18-2011 06:07 AM
Hi Ajay,
The problem: we are able to take remote of one machine, but not of any other machine in the same range.
When I executed the command show crypto ipsec sa, the encrypted packets are increasing but the decrypted packets remain the same.
Is the problem from the far end?
11-18-2011 06:09 AM
Yes, it might be that PFS is on on the other side; I would suggest taking a look at the remote.
11-18-2011 06:24 AM
Hi, please suggest on the above output.
11-18-2011 06:35 AM
Looks like it is dropped by the crypto ACL. Please paste the config; only then can I suggest something.
11-18-2011 10:25 PM
Hi Ajay,
The issue is solved; there is some problem from the far end.
Thanks
11-18-2011 11:59 PM
Great
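Added example, not part of the thread: the symptom reported above (encrypted packet counts rising in show crypto ipsec sa while decrypted counts stay the same) can be checked per SA by comparing two snapshots of the output. The snapshots are constructed with documentation addresses in the ASA counter layout, and the function names are this example's own.

```python
import re

# Constructed sample in the layout of ASA "show crypto ipsec sa" output,
# trimmed to the lines the parser reads (documentation addresses).
TEMPLATE = """\
      local ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): ({remote}/255.255.255.0/0/0)
      current_peer: 198.51.100.2
      #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
      #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
"""

def sample(rows):
    return "".join(TEMPLATE.format(remote=r, enc=e, dec=d) for r, e, d in rows)

BEFORE = sample([("10.2.2.0", 120, 45), ("10.3.3.0", 300, 280)])
AFTER = sample([("10.2.2.0", 190, 45), ("10.3.3.0", 350, 330)])

IDENT = re.compile(r"(local|remote) ident \(addr/mask/prot/port\): \(([^)]+)\)")
COUNT = re.compile(r"#pkts (encaps|decaps): (\d+)")

def parse_sas(text):
    """Map (local ident, remote ident) -> {'encaps': n, 'decaps': n}."""
    sas, idents, key = {}, {}, None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            idents[m.group(1)] = m.group(2)
            if m.group(1) == "remote":  # remote ident closes the SA header
                key = (idents.get("local"), idents["remote"])
                sas[key] = {}
        elif key:
            sas[key].update((n, int(v)) for n, v in COUNT.findall(line))
    return sas

def one_way_sas(before, after):
    """Return SAs whose encaps grew between snapshots while decaps did not."""
    old, new = parse_sas(before), parse_sas(after)
    flagged = []
    for key, cur in new.items():
        prev = old.get(key)
        if prev is None or len(prev) < 2 or len(cur) < 2:
            continue  # SA is new or a counter is missing: nothing to compare
        d_enc, d_dec = cur["encaps"] - prev["encaps"], cur["decaps"] - prev["decaps"]
        if d_enc > 0 and d_dec <= 0:
            flagged.append((key, d_enc, d_dec))
    return flagged

if __name__ == "__main__":
    for (local, remote), d_enc, d_dec in one_way_sas(BEFORE, AFTER):
        print(f"one-way: {local} -> {remote} encaps +{d_enc}, decaps {d_dec:+d}")
```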