From: Serhat Aslan (serhatworks@gmail.com)
Date: Thu Jul 19 2007 - 05:40:08 ART
Hi Muhabat,
I saw this problem at several ios platform. Probably this problems come
from wrong SPI sync. You can use this commands for best practice for both
sides.
- Use crypto isakmp invalid-spi-recovery for static vpn configurations.
-Use crypto isakmp keeaplive for dynamic vpn configurations, or you can
use both of them.
Before applying them try to generate the problem at tests platform. You can
test them with "clearing crypto isakmp/sa/session" with them repeative
sequence, don't wait too much when using this commands.
-------
Serhat Aslan
On 7/19/07, Muhabat <muhabat@gmail.com> wrote:
>
> Hi all,
>
>
>
> Last day our network went down for no apparent reason.. We are using a
> firewall with sub interface configuration. This sub interface is
> connecting
> with different geographical locations through VPN.
>
>
>
> one of those remote vpn sides has miss configured their part, and suddenly
> our side stop sending any kind of traffic to this sub interface, even to
> vpns other than one which was causing problem.
>
>
>
> Only solution was to remove the tunnel for vpn which has miss
> configuration.
> And then traffic to all vpn ends started again, including miss configured
> VPN. This miss configuration was not on our part but from other end. We
> don't have control on any of other end configuration. I want to know what
> was reason and how to stop it from happening gain, logically if some one
> miss configured his side then that problem should not replicate to all of
> configuration to our side.
>
>
>
>
>
> If needed configuration of both sides can be provided.
>
>
>
> Thanks in advance.
>
>
>
>
>
> Best Regards,
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART