12-20-2006 07:03 PM - edited 03-03-2019 03:07 PM
Hi,
Would like to check if 2 routers are connecting through WAN Link, and when the 2 routers are isolated, Will the crypto tunnelling just lost like that?
I have a problem where this is happening..
Can advise?
TIA.
12-20-2006 09:02 PM
Hi
Your VPN (crypto) tunnel which is a logical one is build over the physical pipe which connects you to the remote location or to your SP which connects you to the outside world.
So when your physical link goes down the vpn tunnel build over that will also go down since you don't have the reachability to the respective vpn peers..
regds
12-20-2006 11:09 PM
Hi Sprem,
Thanks for your reply. But the weird thing is when both the routers are online back again, the VPN tunnelling is not working any more. Have compare the configuration and there is nothing changed since the last disconnection.
I am not sure why this is happening.
Need more enlightening from you or any same scenario happened before like tat.
Thanks again!
12-20-2006 11:18 PM
hi
You can make use of show crypto session and show crypto isakmp sa to verify the active session.
Also you can use show crypto ipsec sa to find out the packet encap/decap stats..
Are you gettin any error logs related to IPSEC Tunnels out there in your router when your tunnel disconnects ?
what kinda connectivity you have in between these locaitons ?
Can you also post your configuration here ?
regds
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide