Hi All
We have a VTI tunnel set up with another site over the internet. We are seeing a behavior where the tunnel interface goes protocol down during the night, but there is one active IPsec security association created. During the night no traffic is passed over this SA, but it is still not deleted, yet the tunnel interface (VTI) goes protocol down. So the problem is that in the morning, when traffic is initiated from the remote site, it is passed to the main site via that active SA, but that does not kick the VTI tunnel up, so the reverse traffic gets lost.
But whenever a new IPsec SA is created, that makes the tunnel come up.
Does anyone know what this behavior is? On our end we have a CISCO3925 and the remote end has a NetScreen FW (which I don't have access to). Below are the IPsec lifetimes and other parameters:
IPSEC profile Virtual-Tunnel
Security association lifetime: 4608000 kilobytes/3600 seconds
Responder-Only (Y/N): N
PFS (Y/N): Y
DH group: group2
Transform sets={
Encrypt-Set: { esp-256-aes esp-sha-hmac } ,
}
Thanks in advance
Sachintha