IPSec tunnel down issue

h.dam · ‎07-13-2011

Hi,

I've mounted a IPSec G2G tunnel with Cisco ASA one end & Cisco router 1802 another end. The 1802 is connected to a BT 2wire Gateway Router to join the BT network. But from time to time, the tunnel goes down for several hours (or several minutes) then goes up again without reason.

I've checked the IPSec configuration, it seems correct. Anyone has experience on the BT 2wire Gateway Router ? Any know issue between Cisco box and this BT box?

Thanks a lot.

Regards,

h.dam

Srikanth K. S · ‎07-21-2011

Hi h.dam,

Here are the details that we need to troubleshoot the problem,

- A simple topology, of how the devices are connected? for eg, (in) ASA (out) ==== Router ----- BT 2wire..

- The configuration from the router and the ASA.

- Also, the debugs from the devices at the time of the issue, ie, when the tunnel goes down up and comes back up.

If you have multiple tunnels configured on the devices, you can configure debugs as,

debug crypto condition peer PEER_IP_ADDRESS

Debug commands on the ASA,

debug crypto isakmp 127

debug crypto ipsec 127

Debug commands on the router,

debug crypto isakmp

debug crypto ipsec

Regards,

Srikanth.

h.dam · ‎07-21-2011

Thank you Srikanth. The ISP has changed another BT gateway router. Things seem to work fine. The topo is:

ASA(out) ===BT gateway router -------(wan)Cisco C1802 (lan) --------10.1.1.0/24

But another strange thing appears as follows:

1) Ping from ASA => (wan) C1802 OK

2) Ping from ASA => C1802(lan) Failed

Users in the Lan said they can use email and other apps. I don't know why I cannot ping the hosts in the Lan.

A IPsec tunnel is mounted from ASA to (wan)C1802. It is just a VPN endpoint

Regards,

h.dam