Re: Site-to-Site VPN error on FMC

sam cook · ‎05-24-2018

Hi ,

I'm running FMC on FTD 2100 and I have 2 VPN errors displaying on my 2 site-toSite VPN's that I can not undesrtand : Please see screenshots :

Error 1 : VPN is inactive due to Idle Timeout

Error 2 : VPN is inactive due to User Requested.

Any help please ?

mikael.lahtela · ‎05-29-2018

Hi,

SSH to the 2100 and connect to system support diagnostic-cli and use show crypto commands to troubleshoot the L2L connection.

br, Micke

Jon Are Endrerud · ‎10-24-2019

I have the same problem with IKE1 IPsec from 2130 to 5506 and 5505. I will change to IKE2 as soon as possible.

But, when using the "show crypto" command, how do I troubleshoot a problem like "idle timeout" ? I have check the values and the endpoint B is set to unlimited. Cant find out where to change this on the 2130.

Please rate as helpful, if that would be the case. Thanx

OscardeJesusTegomaAguilar26091 · ‎05-18-2020

Hi!

Error 1 : VPN is inactive due to Idle Timeout

Our peer sent a notification to the other peer, because the tunnel VPN doesn´t have traffic inside itself in the last 30 minutes (by default), so the Tunnel goes down.

Error 2 : VPN is inactive due to User Requested.

The other peer sent a notification to our other peer, because the tunnel VPN doesn´t have traffic inside itself in the last 30 minutes (by default), so the Tunnel goes down.

If you use the show running-config all group-policy you can review the vpn-idle-timeout in your group policy, in my case this is "DfltGrpPolicy" and shows 30 minutes.