cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
223
Views
10
Helpful
5
Replies
Participant

IPSec VPN Tunnel UP/Down Logging Message

Hi,

I would like to know why my IPSec tunnel is up/down state on every day .When i  use sh ip int bri command  

tunnel status is always up.But i when i use "show logging "  , show as below messages.Let me know it is normal ? it will effect to performance ?

 

Log Buffer (4096 bytes):
81: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000540: Jan 28 18:18:11.193: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000541: Jan 29 03:50:07.001: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000542: Jan 29 03:50:07.162: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000543: Jan 29 08:58:24.006: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000544: Jan 29 08:58:24.181: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000545: Jan 29 12:26:00.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000546: Jan 29 12:26:00.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000547: Jan 29 16:42:05.014: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000548: Jan 29 16:42:05.028: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxx.xxx.xxx.xxx.182, prot=50, spi=0xCACEE2BF(3402556095), srcaddr=xxx.xxx.xxx.xxx, input interface=Tunnel0
000549: Jan 29 16:42:05.193: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000550: Jan 29 19:22:55.013: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000551: Jan 29 19:22:57.534: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
000552: Jan 31 08:50:24.045: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
000553: Jan 31 08:50:24.056: %CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=xxx.xxx.xxx.xxx, prot=50, spi=0x58EF3CFF(1492073727), srcaddr=xxx.xxx.xxx.xxx, input interface=Tunnel0
000554: Jan 31 08:50:24.306: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up

Everyone's tags (1)
5 REPLIES 5
Highlighted
VIP Advisor

Re: IPSec VPN Tunnel UP/Down Logging Message

You need to 'debug crypto isa' to see the message received when the tunnel
goes down.

*** please remember to rate useful posts
Highlighted
Participant

Re: IPSec VPN Tunnel UP/Down Logging Message

Hi,

if i run debugg ,it will effect existing operation ?

or it will run background ?

Highlighted
VIP Advisor

Re: IPSec VPN Tunnel UP/Down Logging Message

no it won't. This is light command. Just apply it and turn on term mon.

*** please remember to rate useful posts
Highlighted
VIP Advocate

Re: IPSec VPN Tunnel UP/Down Logging Message

If you have multiple VPN tunnels, use the debug crypto condition peer <peer IP> command to limit the amount of output it will generate.

--
Please remember to select a correct answer and rate helpful posts
Highlighted
Participant

Re: IPSec VPN Tunnel UP/Down Logging Message

Hi,

I applied all debug but i didn't see any log.Only i see tunnel up down state.

I noticed as below.

Our branch staff go back home after office hour ,all computers are shutdown except router and switch.Next day they start computer cannot communicate to DC server.That time,tunnel is up down state.After DC server ping to their site,tunnel is up state and they can connect to DC server.it is related with initiator and responder  ?

Everyone's tags (1)
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here