RE: ipsec isakmp problem
Title: RE: ipsec isakmp problem Have you checked your "isakmp policy lifetime" should be same on both end if you want to initial the tunnel from each end? Cheers. Frank Chen -Original Message- From: Ibrahim [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 4 October 2000 17:01 To: [EMAIL PROTECTED] Subject: ipsec isakmp problem Hi group, We installed tunnel & ipsec (using GRE, isakmp-preshare, cisco 3640 & IOS 12.0.7XK1) between 2 routers. Then tunnel & ipsec can work, but the problem is after the session expired, the ipsec can't establish anymore, and we've to run this command "clear crypto sa" manually on both routers, and the session can be established. I heard IOS 12.0.7XK1 has a problem in IPSEC, but I can't upgrade our 3640, every time I upgrade to any 12.1 version, All the interfaces disappear in configuration. TIA, Ibam **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ipsec isakmp problem
I have not researched the 3600 IOS issues (what's available), but I know we found 11.2(22A) was the only stable IPSec version for the 4700's. Crazy as it may seem, this was proven after a month in the lab. You may need to back way down in version, & you are right- generally the disappearing interfaces is software issued. In the past (for me), this was caused by incompatable boot ROM's too. Check with you Cisco rep. & take his or her advice with a few teaspoons of salt :-) Good Luck !!! Phil - Original Message - From: "whatshakin" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 05, 2000 12:42 AM Subject: Re: ipsec isakmp problem > So downgrade ! > > - Original Message - > From: Ibrahim <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, October 03, 2000 11:00 PM > Subject: ipsec isakmp problem > > > > > > > > Hi group, > > > > We installed tunnel & ipsec (using GRE, isakmp-preshare, cisco 3640 & IOS > > 12.0.7XK1) between 2 routers. Then tunnel & ipsec can work, but the > problem > > is after the session expired, the ipsec can't establish anymore, and we've > > to run this command "clear crypto sa" manually on both routers, and the > > session can be established. > > > > I heard IOS 12.0.7XK1 has a problem in IPSEC, but I can't upgrade our > 3640, > > every time I upgrade to any 12.1 version, All the interfaces disappear in > > configuration. > > > > TIA, > > Ibam > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > > http://www.groupstudy.com/list/Associates.html > > _ > > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > > FAQ, list archives, and subscription info: http://www.groupstudy.com > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > > > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ipsec isakmp problem
So downgrade ! - Original Message - From: Ibrahim <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, October 03, 2000 11:00 PM Subject: ipsec isakmp problem > > > Hi group, > > We installed tunnel & ipsec (using GRE, isakmp-preshare, cisco 3640 & IOS > 12.0.7XK1) between 2 routers. Then tunnel & ipsec can work, but the problem > is after the session expired, the ipsec can't establish anymore, and we've > to run this command "clear crypto sa" manually on both routers, and the > session can be established. > > I heard IOS 12.0.7XK1 has a problem in IPSEC, but I can't upgrade our 3640, > every time I upgrade to any 12.1 version, All the interfaces disappear in > configuration. > > TIA, > Ibam > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: ipsec isakmp problem
Hi I would really recommend to go on 12.1.3ta for IPSEc, version 12.07any has the problem of asimmetric SA after some time has pass, (not only when the session expires). It will work for some cases, but for high traffic, forget it. We are using 3640 + 12.1.3ta, and it is working quite well... Of course, 12.1 will add a lot of problems on voice, routing, etc, etc :-) you will have to live with it Regards. Ibrahim wrote: > > Hi group, > > We installed tunnel & ipsec (using GRE, isakmp-preshare, cisco 3640 & IOS > 12.0.7XK1) between 2 routers. Then tunnel & ipsec can work, but the problem > is after the session expired, the ipsec can't establish anymore, and we've > to run this command "clear crypto sa" manually on both routers, and the > session can be established. > > I heard IOS 12.0.7XK1 has a problem in IPSEC, but I can't upgrade our 3640, > every time I upgrade to any 12.1 version, All the interfaces disappear in > configuration. > > TIA, > Ibam > > **NOTE: New CCNA/CCDA List has been formed. For more information go to > http://www.groupstudy.com/list/Associates.html > _ > UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html > FAQ, list archives, and subscription info: http://www.groupstudy.com > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] -- --- Javier Contreras Albesa Standard Trainer PRO IN Training S.L. PROfessional Information Networks World Trade Center, Moll de Barcelona S/N Edif Sur, Planta 4 Phone: (+34) 93-5088850 E-mail: [EMAIL PROTECTED] Fax: (+34) 93-5088860 Internet: http:// www.proin.com SHAPING THE FUTURE - BE PART OF IT! **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
ipsec isakmp problem
Hi group, We installed tunnel & ipsec (using GRE, isakmp-preshare, cisco 3640 & IOS 12.0.7XK1) between 2 routers. Then tunnel & ipsec can work, but the problem is after the session expired, the ipsec can't establish anymore, and we've to run this command "clear crypto sa" manually on both routers, and the session can be established. I heard IOS 12.0.7XK1 has a problem in IPSEC, but I can't upgrade our 3640, every time I upgrade to any 12.1 version, All the interfaces disappear in configuration. TIA, Ibam **NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associates.html _ UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html FAQ, list archives, and subscription info: http://www.groupstudy.com Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
