10-14-2013 07:58 AM
I have a pair of 3945E routers I use as redundant VPN head-ends in our data center and numerous 2901 and one 2951 used as spoke routers. Each of the spokes is connected to the 3945's over VTI tunnels three and four. We regularly see replay errors occur, but this morning, we had it get disruptive enough on one of the tunnels on the 2951 where we were experiencing 80 to 90 percent packet loss across that one tunnel. This caused an outage which I was only able to rectify by shutting down the tunnel interface on each router and bringing them back up, thus resetting the SA.
I'm needing to understand how to reduce or completely eliminate the replay errors. I've read something about increasing the replay window size, but don't have a clue where to start. What is the best way to fix this without disabling replay checking? Or, since the VPN head-ends and spoke routers only have static routes established across the Internet to each other, is replay checking even necessary or desired?
Thanks in advance!
Paul Wishart
10-29-2013 11:01 AM
Hi Paul - I am facing the same issue with exactly the same setup. Just wondering if you ever found a resolution?
10-29-2013 11:30 AM
Adam,
I don't have a resolution yet, so I opened a TAC case last Saturday. I'll keep you posted on this forum.
10-29-2013 12:32 PM
Thanks Paul. I will do the same if I am able to sort through it.