IKE/IPSec problem

Raymakers, Guy guy.raymakers at eds.com
Tue Aug 7 09:49:34 EDT 2001


Hi All,

I have the following situation:

	HQ Network ------ VPN RTR ------ Leased Line ------ Internet -------- ISDN ------- Remote VPN RTR ---- remote network

The scenario is: the Remote VPN RTR has an active SA with the VPN RTR. For
a while there's no data going over the ISDN line, so the idle timer drops the
connection. Some moments after this, due to maintenance or something, the
central VPN RTR is rebooted or all the SAs are cleared. After the reboot
the central VPN RTR has no active SAs while the Remote VPN RTR still has
the 'old' established SA active. When the Remote wants to send data again,
the ISDN link comes up and the Remote VPN RTR will start sending data using
the old SA. From my tests, I had to manually clear the SAs on the Remote
VPN RTR to get the IPSEC up and running again. Has anyone experienced
this also and found a solution for it?

The routers are Cisco 1720 and 7140...

Many Thanks
Guy

