Re: Always need to reboot router for ipsec tunnel to server

qureshi_asrar · ‎10-16-2008

I am having one branch office. Desktop users connect my office via Ipsec tunnel at my H.O(main).Desktop(Users) obtain ip address via DHCP server & they connect to all my other server via ipsec tunnel. But few of my user gets disconnected & they are not able to ping to my server.i.e

DESKTOP_USER--BRANCH_ROUTER==IPSEC TUNNEL = HO-ROUTER-FIREWALL--DESKTOP_USERS. Assume one user -192.168.0.12 gets connected, via ipsec tunnel & able to ping server,but after some time pinging to server stops. Then the user with 192.168.0.12 ip will come to router & will not be able to ping to mu server. We have to change the ip address & then try to ping it works, but with same ip 192.168.0.12 it doesnt work. Alternately if we want to use that same ip 192.168.0.12, we have to reboot router in order to get access to server.As we are having fire wall, packet comes to router interface i.e facing towards internet,so we cant troubleshoot.

Only solution we have, we have to change Ip address or we need to reboot the Router.

cyberglobe · ‎10-18-2008

Have you tried a different IOS version to see if it is experiencing the same problem?

Istvan_Rabai · ‎10-18-2008

Hi Qureshi,

To be honest, I can't see the reason for such a strange behavior of IPSec tunnel.

I have one idea though that you can give a shot:

Can you configure "crypto isakmp keepalive 10" on both sides of the IPSec tunnel.

Let's see if this helps.

Thanks:

Istvan

yahoo2006 · ‎10-19-2008

In fact, I faced same problem with two PCs in customer LAN, the network was ISDN connection to ISP, When I pinged the CISCO ISDN router from that two PCs I got time out but when I changed the ip of that PCs I got reply from router so I formate the two PCs and the problem fixed, I think the problem in the PC not in VPN configuration