VPN drop every 3 weeks

Sebastian Albert · ‎11-24-2017

Hello everyone I ask for help.

Every 3 weeks drop the VPN and the status of it is as follows:

IKEv1 SAs:

Active SA: 2
Rekey SA: 1 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

1 IKE Peer: 192.168.119.1
     Type: L2L Role: answer
     Rekey: no State: MM_REKEY_DONE_H2
2 IKE Peer: 192.168.119.1
     Type: L2L Role: answer
     Rekey: yes State: MM_ACTIVE_REKEY
3 IKE Peer: 192.168.119.1
     Type: user Role: reply
     Rekey: no State: MM_BLD_MSG4

When we do a clear isakmp SA the VPN becomes active.

Does anyone know what the problem may be?

Best regards.

Flavio Miranda · ‎11-24-2017

Hi @Sebastian Albert

Do you have vpn-idle-timeout set at any value?

If so, you can put is as none.

-If I helped you somehow, please, rate it as useful.-

Sebastian Albert · ‎11-24-2017

Hi Flavio in this vpn site to site i dont have vpn-idle timeout configure.

Best regards.

GioGonza · ‎11-24-2017

Hello @Sebastian Albert,

The concern here is with the RE-KEY process and there should be the problem, now in order to know what´s going on we need to turn on the logs and grab them when this happens. Only in that case we will know what´s really happening with the connection and see if there is any workaround for that situation.

If you already have them, share the logs and I can take a look.

HTH

Gio

Sebastian Albert · ‎11-24-2017

Thanks Gio,

I do not have the debugs because as it is a critical vpn we did not have time to perform checks and we did the clear isakmp and the vpn was restored. The problem is rare because the VPN works perfectly and when it falls it appears in that state.