Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
830
Views
0
Helpful
3
Replies

IP Sec Flapping help required urgent

Dinesh Kumar Mariappan
Level 1
Level 1

‎01-10-2014 01:51 AM - edited ‎03-07-2019 05:28 PM

Hi Team

We have Site A, B & C taken the MPLS link from SP.

We had configurted the IP sec between these 3 sites. We enable the Eigrp protocol and advertise the routes from one site to other. Now the issue. We not observed any flapping issue between our site to ISP site.  EIGRP showing up past 2 weeks. But Crypto session between A&C  site is continusoly flapping.

I check the Log in the  in my C Site. I had observed

%IOSXE_PEM-6-PEMFAIL: The PEM in slot o is  switches off or encountering failure condition.

%IOSXE_PEM-6-PEMOK: The PEM in slot o is  functioning properly

Continuosly these error was coming please explain. Is this is reason for crypto session flapping.. How to resolve this issue

Labels:
0 Helpful
3 Replies 3

mvsheik123
Level 7
Level 7

‎01-10-2014 01:21 PM

Hi Dinesh,

As far I know, PEM errors relates to Power modules. Check the power supply. I don't think your crypto session flap relates to this. Both issues started at the same time? Crypto session flaps at the same time as PEM Fail errors pops up?

Any logs relates to crypto session issues (apart from session down/up)?

Thx

MS

0 Helpful

Dinesh Kumar Mariappan
Level 1
Level 1
In response to mvsheik123

‎01-10-2014 10:15 PM

i dont received any error.. But If i checked crypto session. peer is Showing Down-Negotiating, UP-idle  few  minutes IP sec was Up then agin it is getting flapped. any way issue solved automatically. but we dont why it was  happened.

My query is WAN link having no issue then how IPsec was flapping.. What are possible things for flapping this.. I am not have much knowledge about it. Still i am not sure wheather i am communicated query in right way....

0 Helpful

paul driver
VIP
VIP
In response to Dinesh Kumar Mariappan

‎01-11-2014 01:45 AM

Hello

When you say the crypto sessions are flapping are you mistaking this for a isakmp timeout and IPSec session refreshes

Have you set any specific isakmp and IPSec SA timers.
Are you using. Certificate or pre-share keys.

Can you post some output for these tunnels

Sh crypto isakmp sa
Sh crypto isakmp session
Sh crypto IPSec sa
Sh crypto ip session

Res
Paul




Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents