cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
431
Views
1
Helpful
3
Replies

DMVPN-5-CRYPTO_SS:socket is DOWN

R Manjunatha
Level 3
Level 3

Hi 

The DMVPN tunnel was reset, which caused the BGP session to reset as well. We observed that the DMVPN crypto socket is down. What could be the issue? We suspect it might be related to the ISP, but they have reported no abnormalities in their logs

DMVPN-5-CRYPTO_SS:tunnel 1 :local address xxxxx remote tunnel addressXXXX socket Down

1 Accepted Solution

Accepted Solutions

Enes Simnica
Level 1
Level 1

hey there. The DMVPN tunnel crypto socket going down suggests a potential issue with the ISP, despite no abnormalities in their logs. Check for intermittent packet loss, routing changes, or subtle connectivity issues by running continuous ping or tracert tests to the ISP gateway or remote peers.

Also (it might be) if NAT is being used on the ISP side or between you and the remote site, it could affect the DMVPN tunnel. The socket down message might be a result of the crypto key exchange being interrupted by NAT inconsistencies.Verify if any changes were made to the NAT configuration by the ISP or local firewall.

 

-Enes

 

more Cisco?!
more Gym?!

View solution in original post

3 Replies 3

Enes Simnica
Level 1
Level 1

hey there. The DMVPN tunnel crypto socket going down suggests a potential issue with the ISP, despite no abnormalities in their logs. Check for intermittent packet loss, routing changes, or subtle connectivity issues by running continuous ping or tracert tests to the ISP gateway or remote peers.

Also (it might be) if NAT is being used on the ISP side or between you and the remote site, it could affect the DMVPN tunnel. The socket down message might be a result of the crypto key exchange being interrupted by NAT inconsistencies.Verify if any changes were made to the NAT configuration by the ISP or local firewall.

 

-Enes

 

more Cisco?!
more Gym?!

balaji.bandi
Hall of Fame
Hall of Fame

This may caused different issue underlay.

1. check Layer2 and Layer 3 connection and reachability ?

2. is this only one having issue ?

3. what other logs you see both the side ?, (is the log from head end or branch side ?)

Follow below troubleshooting tips ;'

https://www.cisco.com/c/en/us/support/docs/security/dynamic-multipoint-vpn-dmvpn/111976-dmvpn-troubleshoot-00.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Socket down' meaning there is issue with IPSec 

Try clear crypto ipsec sa and check again 

MHM

Review Cisco Networking for a $25 gift card