IPSEC Intermittency

DANMOH009 Member Posts: 241
Not really sure if this is a CCNA Security level question, but I thought this would be the best place to put it, as I recently passed this exam and feel I'm at this level.

I'm currently working for an ISP managing customer equipment, and I've noticed from time to time we come across a few intermittent IPsec problems. The majority of the time it's a fault with the physical connection.

However, there are times when the physical connection is solid, with no errors, and perfect. I was wondering, in this scenario, where would you look?

I mean the config will be the same on both sides of the tunnel, as it's established, and if the routing is fine, are there other areas you can look?

I appreciate the question is very vague. I'm just wondering, for people who do diagnose issues like this day to day, do you guys have a specific troubleshooting process?

Thanks in advance.

Comments

  • TheNewITGuy Member Posts: 169
    Is it timing out? Stopped passing traffic? What do the encaps/decaps look like when the issue is occurring, along with your errors and discarded packet count in show crypto ipsec sa?
  • DANMOH009 Member Posts: 241
    It's not a specific issue as such, and the majority of the time it is between a Cisco and another vendor. I just don't really know where to look.

    You say a show crypto ipsec sa - am I just looking at whether the traffic is being encapsulated here? Because if so, then yes, I can see it encapsulated, then all of a sudden traffic just stops, and it's not physical connection related.
  • xXErebuS Member Posts: 230
    Is it timing out? Stopped passing traffic? What do the encaps/decaps look like when the issue is occurring, along with your errors and discarded packet count in show crypto ipsec sa?

    Cisco default tunnel time is 24hrs; after that it will drop.

    We had a site to site VPN where the vendor refused to change keepalive so we said f it and created a ping batch script on it to generate traffic to keep it alive.
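
The encaps/decaps check asked about in the comments, as an added example that is not part of the original thread: it compares two snapshots of the counter lines from show crypto ipsec sa and reports which direction stopped moving. The sample text is constructed, the counter line layout is assumed to match common Cisco IOS output, and the function names are hypothetical.

```python
import re

# Constructed samples of the counter lines from `show crypto ipsec sa`,
# taken a minute apart while the tunnel is failing (not real device output).
BEFORE = """\
    #pkts encaps: 48210, #pkts encrypt: 48210, #pkts digest: 48210
    #pkts decaps: 47995, #pkts decrypt: 47995, #pkts verify: 47995
    #send errors 0, #recv errors 0
"""
AFTER = """\
    #pkts encaps: 48655, #pkts encrypt: 48655, #pkts digest: 48655
    #pkts decaps: 47995, #pkts decrypt: 47995, #pkts verify: 47995
    #send errors 0, #recv errors 0
"""

# Assumed layout: "#<name>: <n>" for packet counters, "#<name> <n>" for errors.
COUNTER = re.compile(r"#(pkts encaps|pkts decaps|send errors|recv errors):?\s+(\d+)")

def parse_counters(text):
    """Return {counter name: value}, summed over every SA block in the text."""
    totals = {}
    for name, value in COUNTER.findall(text):
        totals[name] = totals.get(name, 0) + int(value)
    return totals

def classify(before, after):
    """Compare two snapshots and name the direction that stopped moving."""
    a, b = parse_counters(before), parse_counters(after)
    delta = {k: b[k] - a.get(k, 0) for k in b}
    if any(v < 0 for v in delta.values()):
        return "counters reset: SA was rebuilt between snapshots"
    if delta.get("send errors", 0) or delta.get("recv errors", 0):
        return "errors increasing: check send/recv error counters"
    enc, dec = delta.get("pkts encaps", 0), delta.get("pkts decaps", 0)
    if enc and not dec:
        return "encaps only: local side sends, nothing decrypted from peer"
    if dec and not enc:
        return "decaps only: peer sends, local side is not encrypting replies"
    if not enc and not dec:
        return "idle: no traffic matched the tunnel in either direction"
    return "both directions passing traffic"

if __name__ == "__main__":
    print(classify(BEFORE, AFTER))
```

Counters are summed across all SA blocks in the pasted text, so paste the output for one peer at a time when a device terminates several tunnels.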