Will VPN Crypto disconnected just like that?

cindylee27 · ‎12-20-2006

Hi,

Would like to check if 2 routers are connecting through WAN Link, and when the 2 routers are isolated, Will the crypto tunnelling just lost like that?

I have a problem where this is happening..

Can advise?

TIA.

spremkumar · ‎12-20-2006

Hi

Your VPN (crypto) tunnel which is a logical one is build over the physical pipe which connects you to the remote location or to your SP which connects you to the outside world.

So when your physical link goes down the vpn tunnel build over that will also go down since you don't have the reachability to the respective vpn peers..

regds

cindylee27 · ‎12-20-2006

Hi Sprem,

Thanks for your reply. But the weird thing is when both the routers are online back again, the VPN tunnelling is not working any more. Have compare the configuration and there is nothing changed since the last disconnection.

I am not sure why this is happening.

Need more enlightening from you or any same scenario happened before like tat.

Thanks again!

spremkumar · ‎12-20-2006

hi

You can make use of show crypto session and show crypto isakmp sa to verify the active session.

Also you can use show crypto ipsec sa to find out the packet encap/decap stats..

Are you gettin any error logs related to IPSEC Tunnels out there in your router when your tunnel disconnects ?

what kinda connectivity you have in between these locaitons ?

Can you also post your configuration here ?

regds