Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
1
Replies

VPN issue between SRP 512W and ISR 1811

CSCO11991001
Level 1
Level 1

‎02-29-2012 04:21 AM

Hi, fellows,

I have some problems with making stable VPN between SRP512W and ISR1811.

    Configuration:

       - IKE policy - 3DES/SHA1 group2(1024bits)

       - crypto map on ISR1811

One of the main issues I've noted appears when SRP loose it's IP connectivity to remote router, even if this connectivity interruption lasts for only couple of seconds. When the IP connectivity is restored SRP is unable to re-establish the IPSec session. There is connect/disconnect option in SRP menu (Status -> VPN Status -> Connect/Disconnect) and automatic VPN disable (VPN -> Site-to-Site VPN -> IKE policy -> Enable Dead Peer Detection) yet I couldn't found any option for nor automatic mechanism for VPN reconnection when the IP connectivity is reestablished. This issue lead to interruption of Site-to-Site VPN service when there is some short outages within the ISP network.

Another issue is building GRE tunnels between the same devices. Can you verify my configuration? Belive it or not - I spent more than 4-5 hours and couldn't do it.

    ISR:

     interface Tunnel1

      ip address <Tunnel IP Address / NetMask>

      tunnel source <ISR IP Address>

      tunnel destination <SRP Address>

      tunnel mode gre ip

    SRP:

     VPN -> GRE Tunnel -> Tunnel 1; WAN interface, destination IP, remote ip address/network /the tunnel seems up, but there are no IP connectivity and traffic flow

Should I make some additional settings/configurations ?

Labels:
0 Helpful
1 Reply 1

Andrew Hickman
Cisco Employee
Cisco Employee

‎02-29-2012 08:57 AM

Hi,

Could you please let us know which firmware you are using? 

For GRE, I've used the following IOS before:

interface Tunnel0

  ip unnumbered FastEthernet0/1

  tunnel source FastEthernet0/1

  tunnel destination

!

interface FastEthernet0/1

  ip address dhcp

  duplex auto

  speed auto

!

! Route to SRP remote subnet.

ip route 192.168.150.0 255.255.255.0 Tu0

!

SRP config is probably what you have: All defaults, Destination IP = IOS WAN, Remote IP = IOS LAN subnet.

See for more details.

Hope that helps.

Andy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents