Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
736
Views
0
Helpful
2
Replies

The IPSec tunnel does not come UP for interesting traffic

gauravshar
Level 2
Level 2

‎10-14-2010 02:03 PM - edited ‎03-11-2019 11:54 AM

Hi there,

We have the tunnel with one of our business partner. We have an 1841 router at ouor end and they have ASA at their end. The traffic does not come UP when they start the intresting traffic 'sometimes'. When it does not come UP even after the traffic form their side, we have to re-establish the tunnel by 'clear crypto isa sa XYZ'. We have some more such tunnels on this router and they do not have this problem.

Our ACL's match, and tunnel works fine if we let it re-negotiate it.

The router at our side has this logs every now and then, almost everyday atleast 3-4 times:

IP_VFR-4-FRAG_TABLE_OVERFLOW:

Has the tunnel not coming up to do something with this log. I have not tried to increase the default value of 'datagrams to reassemble' at the inteface to get rid of this log.

Thanks,

Gaurav

Labels:
0 Helpful
2 Replies 2

Diego Armando Cambronero Arias
Level 3
Level 3

‎10-14-2010 02:10 PM

Could you attach both configurations

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to Diego Armando Cambronero Arias

‎10-16-2010 12:17 PM

Hi

Diego is right, and also if you could attach the log from the firewall at the moment that the tunnel is torn down it would be great. I also have some other questions:

1-Are the tunnels for the other also ending in ASA firewalls?

2-Are they all running the same OS?

3-Are they all the same hardware?

4-How often the problems happens?

5-Is it reproducible?

Thanks.


Mike

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card