Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
450
Views
0
Helpful
2
Replies

VPN Concentrator L2L tunnels disconnects

stuart.jones
Level 1
Level 1

‎04-15-2009 02:06 PM - edited ‎02-21-2020 03:24 AM

Hi,

I am hoping someone will be able to help me, as i am having problems resolving an issue i have with a L2L tunnel.

I am very much a newbie to the VPN concentrator so that is not helping.

I have a L2L tunnel from my client to a external party in this case it is SAP.

My client runs a 'SAP router' app on one of their servers which monitors the connection to the SAP network. Intermittantly this app reports the connection as being down.

My concentrator is processing other L2L tunnels and client/laptop VPN sessions at the samtime these disconnects occur so i dont think its my infrastructure as such.

Around the time the app reports the loss i see in the syslogs the following

SEV=5 IKE/50 RPT=3979 <remote IP> Group [<remote IP>] Connection terminated for peer <remote IP>. Reason: Peer Terminate Remote Proxy <remote IP LAN>, Local Proxy <my local proxy IP>

I am trying to figure out from this message why the tunnel is dropping and who is deciding to do the terminating is the problem my end or the far end ?

This tunnel can be up for many hours or just a few minutes sometimes before i get this message

Any help would be very much appreciated.

My end Cisco 3000 series concentrator SAP end is Cisco 7200 router.

0 Helpful
2 Replies 2

Ivan Martinon
Level 7
Level 7

‎04-17-2009 07:31 AM

Can you please check that both ends have the lifetime set correctly? if they are set to defaults this will cause a mismatch since they have diff values and this is known to affect.

0 Helpful

stuart.jones
Level 1
Level 1
In response to Ivan Martinon

‎04-20-2009 04:42 PM

Hi,

Thanks for the reply.

We did have a difference in the lifetimes, this has now been corrected but we still see the diconnects.

IKE lifetime now 14,400 mins

IPSEC lifetime now 7200 secs

On both ends, but same message in that its terminating the L2L tunnel but no real reason why ?

Thanks

Stu

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card