Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2078
Views
0
Helpful
3
Replies

IPsec VPN has gone down, and will not come back up...

echong481
Level 1
Level 1

‎10-11-2011 05:22 PM - edited ‎02-21-2020 05:39 PM

I'm no cisco genius, and the network engineer that setup our network is out on vacation... go figure...

anyway we are using IPsec VPN with a 3750 switch and a 2921 router at our headquarters.  Off site we are using 2911 routers. We've had no issues with our VPN until now... As far as i know no changes have been made to any of our network equipment to point to the VPN failure... the tunnels just went down abruptly and won't come back up.  I've tried restarting the routers/switches, to no avail.

any leads or help will be greatly appreciated.

Labels:
0 Helpful
3 Replies 3

cashqoo
Level 1
Level 1

‎10-11-2011 05:59 PM

there are many possible reasons and you may want to try the following:

1> no interesting traffic - you may need to send some traffic across to the remote site/s in order to establish the tunnels

2> try to check the syslogs if there is any information or errors.

3> run commands to verify the status, show crypto isakmp sa, show crypto ipsec sa

4> run debug commands, debug crypto isakmp, debug crypto ipsec

0 Helpful

echong481
Level 1
Level 1
In response to cashqoo

‎10-11-2011 06:03 PM

wellll... the vpn just decided it gave me enough of a heart attack and decided to come back up...

no idea why... any measures i can take to make sure this doesn't happen again?  Do the tunnels need traffic in specific intervals to maintain the connection?

0 Helpful

cashqoo
Level 1
Level 1
In response to echong481

‎10-11-2011 06:30 PM

vpn can be configured with keepalive.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution07

as for the counter measures, you may have to determine the root cause, possibly by checking the logs on both ends.

you can also check the configuration if they have been configured with keepalives.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents