cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
921
Views
4
Helpful
4
Replies

S2S VPN issue

sarath.narayan
Level 1
Level 1

Hi,

Customer setup:-

Server end device: Cisco 1900 Router

Remote end device: Checkpoint Firewall

Issue:-

VPN phase 1 status first showing active then to deleted state.

 

Work Around done:-

Resetted crypto-map and crypto map configured interface, re-configured vpn, no change observed in the issue.

Finally changed peer IP(public reachable IP) at Cisco Router end and adding the new IP in configuration at both end devices in place of old IP resolved the issue.

 

Observation:-  

We are changing the public IP for the second time in 2 days because of same reason.

 

Clarification expecting:-

Why VPN is going down and why changing peer IP resolved the issue?

After 2 days VPN may again go down. So need a permanent solution for this issue. 

 

Expecting some expert comments.

 

 

  

4 Replies 4

rizwanr74
Level 7
Level 7

Check phase 1 and phase 2 parameters on your router, these info must have given to you by remote tunnel administrator to establish the tunnel.

 

thanks

 

 

 

 

Parameters are matching for phase 1 and 2. Other end administrator have confirmed us, and also after changing the public IP at our end and updating new IP in other end VPN configuration, VPN is working perfectly. 

All services for both peer IPs are allowed at both ends and also in other intermediate devices as well.

The tunnel was implemented 2 months before, this issue started 3 days back.

shine pothen
Level 3
Level 3

Hi sarath

 

I just had a quick look at your configuration and everything looks good.

what is the status on the other side device, do you have any idea what configuration are done on the remote end.

few parameters should match on both the side so that the site to site works.

Parameters are matching for phase 1 and 2. Other end administrator have confirmed us, and also after changing the public IP at our end and updating new IP in other end VPN configuration, VPN is working perfectly. 

All services for both peer IPs are allowed at both ends and also in other intermediate devices as well.

The tunnel was implemented 2 months before, this issue started 3 days back.