cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
383
Views
0
Helpful
2
Replies

Ikev2 COnnection starts dropping after 30s if multiple devices connect

Abid7897061
Level 1
Level 1

Ikev2 COnnection starts dropping after 30s if multiple devices connect, with one device its stable however with multiple devices it resets after 30s any clue what 

 

crypto ikev2 proposal AES256
encryption aes-cbc-256
integrity sha256
group 16


crypto ikev2 policy 20
proposal AES256

 

crypto ikev2 profile DN
match identity remote any
identity local dn
authentication remote rsa-sig
authentication local rsa-sig
pki trustpoint ********

 

crypto dynamic-map TESTV2 400
set security-association lifetime seconds 1200
set transform-set ESP-AES-256-SHA
set pfs group5
set ikev2-profile DN

 

crypto map DDT 400 ipsec-isakmp dynamic TESTV2

 

2 Replies 2

Hi,
Is this a new VPN? Has it worked previously?
What IOS software version are you running?

Please can you enable IKEv2 and IPSec debugs prior to a disconnect, test and once the session disconnects disable the debugs and upload for review.

Please provide the output of "show crypto ikev2 sa" and "show crypto ipsec sa"

curdubanbogdan
Level 1
Level 1

Hello,

 

Please point:

-what type of wan connection does the router/firewall has?

-what is the global security-association lifetime? show crypto security-association lifetime from global-config-mode

-show logs, to see if some rekeying is done or if some license limitation is occuring. (how many connection are you about to configure?)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: