IPSEC Idle timeout issues

Daniel Mohammed
Level 1

Hi all,

I am in the process of diagnosing an IPSEC problem that I can't seem to understand. I have a tunnel that is constantly dropping its connection; running a debug, I see this message as the reason for the tunnel dropping:

Group = 1.1.1.1, IP = 1.1.1.1, Connection terminated for peer 1.1.1.1. Reason: IPSec SA Idle Timeout Remote Proxy 10.20.0.0, Local Proxy 10.10.252.0

Group = 1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:02m:38s, Bytes xmt: 2300, Bytes rcv: 0, Reason: Idle Timeout

Now I think that this is basically because there is no interesting traffic (correct me if I'm wrong).

I am a little confused, however, because after reading this document:

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dplane/configuration/15-1s/sec-ipsec-idle-tmrs.html

It says:

"If the IPsec SA idle timers are not configured, only the global lifetimes for IPsec SAs are applied. SAs are maintained until the global timers expire, regardless of peer activity."

It seems that the idle timer would only kick in if it is specifically configured; if not, it will just wait and use the global timer, but the global timer should not tear down the connection, just renew the keys.

I am trying to find out the reason why the tunnel is dropping, but how can it be the idle SA timer if one is not configured?

Any help on this would be great.

Thanks
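
Added example, not part of the original post: a small Python parser for the "Session disconnected" line quoted above, which separates idle timeouts where traffic flowed in only one direction from tunnels that carried nothing at all. The function names, verdict labels and the 192.0.2.x sample lines are assumptions made for illustration, and only the duration format shown in the post is handled.

```python
import re
from datetime import timedelta

# Matches the "Session disconnected" summary line in the format quoted in the post.
SESSION_RE = re.compile(
    r"IP = (?P<peer>[^,]+), Session disconnected\. "
    r"Session Type: (?P<type>[^,]+), "
    r"Duration: (?P<h>\d+)h:(?P<m>\d+)m:(?P<s>\d+)s, "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), "
    r"Reason: (?P<reason>.+?)\s*$"
)

# First two lines are from the post; the last two are constructed for contrast.
SAMPLE_LOG = """\
Group = 1.1.1.1, IP = 1.1.1.1, Connection terminated for peer 1.1.1.1. Reason: IPSec SA Idle Timeout Remote Proxy 10.20.0.0, Local Proxy 10.10.252.0
Group = 1.1.1.1, Username = 1.1.1.1, IP = 1.1.1.1, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 1h:02m:38s, Bytes xmt: 2300, Bytes rcv: 0, Reason: Idle Timeout
Group = 192.0.2.10, Username = 192.0.2.10, IP = 192.0.2.10, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 0h:30m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: Idle Timeout
Group = 192.0.2.20, Username = 192.0.2.20, IP = 192.0.2.20, Session disconnected. Session Type: IPSecLAN2LAN, Duration: 4h:10m:05s, Bytes xmt: 88120, Bytes rcv: 91344, Reason: User Requested
"""

def parse_disconnect(line):
    """Return the fields of a session-disconnect line, or None for any other line."""
    m = SESSION_RE.search(line)
    if not m:
        return None
    return {
        "peer": m["peer"],
        "type": m["type"],
        "duration": timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"])),
        "xmt": int(m["xmt"]),
        "rcv": int(m["rcv"]),
        "reason": m["reason"],
    }

def classify(rec):
    """Label an idle timeout by the direction(s) in which the byte counters moved."""
    if rec["reason"] != "Idle Timeout":
        return "other"
    if rec["xmt"] > 0 and rec["rcv"] == 0:
        return "one-way-outbound"   # local side sent, nothing came back through the tunnel
    if rec["xmt"] == 0 and rec["rcv"] > 0:
        return "one-way-inbound"
    return "no-traffic" if rec["xmt"] == 0 else "two-way-then-idle"

def summarize(text):
    """Return (peer, duration, verdict) for every session-disconnect line in text."""
    recs = (parse_disconnect(line) for line in text.splitlines())
    return [(r["peer"], r["duration"], classify(r)) for r in recs if r]

if __name__ == "__main__":
    for peer, duration, verdict in summarize(SAMPLE_LOG):
        print(f"{peer:<12} {str(duration):<9} {verdict}")
```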