12-19-2011 08:39 PM - edited 02-21-2020 05:46 PM
Hi All,
Have just configured an IPSec VPN peered with a Fortigate 610B. The issue I am having is that the line-protocol keeps going down due to inactivity on the tunnel.
I have keepalives configured as you will see below; however, they don't appear to be working...
Any suggestions would be appreciated.
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <password> address y.y.y.y
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set 3DES-SHA-HMAC esp-3des esp-sha-hmac
!
crypto ipsec profile Crypto-01
 set transform-set 3DES-SHA-HMAC
!
!
!
!
!
!
interface Tunnel1
 ip address 10.255.255.5 255.255.255.252
 keepalive 5 3
 tunnel source x.x.x.x
 tunnel destination y.y.y.y
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Crypto-01
 service-policy output p-map01
CLEC-C2811-VPNC#sh interfaces tunnel 1
Tunnel1 is up, line protocol is down
  Hardware is Tunnel
  Internet address is 10.255.255.5/30
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (5 sec), retries 3
  Tunnel source x.x.x.x, destination y.y.y.y
  Tunnel protocol/transport IPSEC/IP
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Tunnel protection via IPSec (profile "Crypto-01")
  Last input never, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     172 packets input, 17949 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     118 packets output, 10052 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 output buffer failures, 0 output buffers swapped out
12-20-2011 12:48 AM
Remove the keepalive config from the tunnel; I have found that keepalives only work on the default GRE tunnel mode/encapsulation.
Sent from Cisco Technical Support iPad App
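Added example (not part of the thread, and not Cisco tooling): a small Python check that applies the reply's advice to a saved IOS configuration, flagging tunnel interfaces that combine `tunnel mode ipsec` with an interface-level `keepalive` and reporting whether `crypto isakmp keepalive` is also present. The function names are hypothetical; `Tunnel1` is the stanza from the post and `Tunnel2` is a constructed GRE tunnel for contrast.

```python
import re

# Sample input: Tunnel1 is the stanza from the post; Tunnel2 is a constructed
# GRE tunnel (no 'tunnel mode' line, i.e. the IOS default) added for contrast.
SAMPLE_CONFIG = """\
crypto isakmp keepalive 10
!
interface Tunnel1
 ip address 10.255.255.5 255.255.255.252
 keepalive 5 3
 tunnel source x.x.x.x
 tunnel destination y.y.y.y
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile Crypto-01
!
interface Tunnel2
 keepalive 5 3
 tunnel source x.x.x.x
 tunnel destination z.z.z.z
!
"""

def interface_stanzas(config):
    """Yield (name, subcommands) per interface; a stanza ends at '!' or the
    next 'interface' line, so configs pasted without indentation also parse."""
    name, body = None, []
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface ") or line in ("!", "end"):
            if name:
                yield name, body
            name = line.split(None, 1)[1] if line.startswith("interface ") else None
            body = []
        elif name and line:
            body.append(line)
    if name:
        yield name, body

def audit_tunnel_keepalives(config):
    """Return tunnels that combine 'tunnel mode ipsec' with interface keepalives."""
    dpd = re.search(r"^\s*crypto isakmp keepalive \d+", config, re.M) is not None
    findings = []
    for name, body in interface_stanzas(config):
        ipsec = any(c.startswith("tunnel mode ipsec") for c in body)
        # 'no keepalive' does not match, so an already-fixed stanza is not flagged
        keepalive = any(re.fullmatch(r"keepalive( \d+){0,2}", c) for c in body)
        if name.lower().startswith("tunnel") and ipsec and keepalive:
            findings.append({"interface": name, "isakmp_keepalive": dpd})
    return findings

print(audit_tunnel_keepalives(SAMPLE_CONFIG))
```

Only `Tunnel1` is reported; the GRE tunnel keeps its keepalive without being flagged.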