Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
552
Views
0
Helpful
1
Replies

Crypto IPSec/MPLS

don.rodriques
Level 1
Level 1

‎01-14-2016 09:38 AM - edited ‎02-21-2020 08:37 PM

new to this crypto ipsec.I have four sites set up for vpn connection.every now and then a site drops off and i loose communication locally but can still hit the vpn. after rebooting router 819, communication comes back. one site is the head and i have the other to communicate with head. an example of my typical config is below.

crypto isakmp policy 1
encr aes
hash md5
authentication pre-share
group 2
crypto isakmp key test1 xxxxxxxx address xx.xx.xxx.xxx
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
!
!
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
mode tunnel
!
!
!
crypto map test1_VPN_Tunnel 10 ipsec-isakmp
set peer xx.xx.xxx.xxx
set transform-set ESP-3DES-MD5
match address headrouter

I am missing something? should i be using aes/sha

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-15-2016 01:00 AM

It it works and fails intermittently and needs a software reboot to make it work then you are probably looking at a software defect.  Try changing to a gold star release.

Personally, I don't think anyone should be used DES, 3DES or MD5 - but this will not be related to your issue.

0 Helpful
Customers Also Viewed These Support Documents