cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

137
Views
0
Helpful
2
Replies
Highlighted
Beginner

Ikev2 COnnection starts dropping after 30s if multiple devices connect

Ikev2 COnnection starts dropping after 30s if multiple devices connect, with one device its stable however with multiple devices it resets after 30s any clue what 

 

crypto ikev2 proposal AES256
encryption aes-cbc-256
integrity sha256
group 16


crypto ikev2 policy 20
proposal AES256

 

crypto ikev2 profile DN
match identity remote any
identity local dn
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint ********

 

crypto dynamic-map TESTV2 400
set security-association lifetime seconds 1200
set transform-set ESP-AES-256-SHA
set pfs group5
set ikev2-profile DN

 

crypto map DDT 400 ipsec-isakmp dynamic TESTV2

 

2 REPLIES 2
RJI Advisor
Advisor

Re: Ikev2 COnnection starts dropping after 30s if multiple devices connect

Hi,
Is this a new VPN? Has it worked previously?
What IOS software version are you running?

Please can you enable IKEv2 and IPSec debugs prior to a disconnect, test and once the session disconnects disable the debugs and upload for review.

Please provide the output of "show crypto ikev2 sa" and "show crypto ipsec sa"
Beginner

Re: Ikev2 COnnection starts dropping after 30s if multiple devices connect

Hello,

 

Please point:

-what type of wan connection does the router/firewall has?

-what is the global security-association lifetime? show crypto security-association lifetime from global-config-mode

-show logs, to see if some rekeying is done or if some license limitation is occuring. (how many connection are you about to configure?)

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here