Site-to-Site VPN breaks after reset of the router

Hi all

I have a very difficult problem. I have a configuration with a CallManager server on one site (Site A) and IP phones which connect to it via a site-to-site IPSec VPN tunnel to Site B. The WAN link to Site B (cable ISP with static IP) can be a tad bit reliable at times. Everything worked perfectly, except when the router resets or loses connection at Site B, smashing everything. I have the option tftp 150 defined on the CUCM server on Site (192.168.10.250). The tunnel does NOT come back up automatically after a router loses connection, and once this is the case, it seems that nothing I can do restores full connectivity. I know I must be missing something, but have no idea what. NBAR protocol discovery on the external interface of the router at Site B shows TFTP and Skinny packets going out, but nothing coming back in. I can't ping any internal resources on Site A from Site B. I run "show crypto isakmp sa" on each router and it shows the tunnel as being up. In order to bring the tunnel back up, I need to access the router at Site A with the SDM tool and do a 'test' of the VPN tunnel. It shows it as inactive, and when I have SDM generate traffic, using the source IP address 192.168.10.1 (inside interface of the router at Site A) and destination IP 192.168.11.1 (inside interface of the router at Site B), the tunnel comes back up. Yet, even if the tunnel is restored, nothing works as far as being able to ping or TFTP between Site A and Site B. Any help on this is GREATLY appreciated. Any suggestions on how to configure a reliable site-to-site VPN so that if the connection is lost on one end, the tunnel comes back up and devices on Site B can access resources on Site A such as the CallManager server? Thanks in advance!

Hello

One way you can have the tunnel come back automatically even if it breaks down is to configure SLA monitoring on one of the site routers so that it sends periodic pings to the inside IP address of the router on the other site. For example, on the Site A router, configure IP SLA monitoring with its inside address 192.168.10.1 as the source, pinging the inside interface of Site B, 192.168.11.1, regularly. For a configuration guide, please see the page below:

http://www.Cisco.com/en/us/docs/iOS/12_4/ip_sla/configuration/guide/hsicmp.html#wp1027188

About the traffic that is not getting through, can you please paste the output of 'show cry isa sa', 'show cry ipsec sa' and the configuration of the two routers if possible?

Kind regards

Assia
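
The periodic probe described in the reply above, written for the Site A router in the 12.4 `ip sla monitor` syntax of the linked guide. This is an added example, not part of the original thread; the operation number 10, the 30-second frequency and the 5-second timeout are assumed values, and it assumes the crypto ACL already matches traffic from 192.168.10.1 to 192.168.11.1.

```cisco
! Site A router. Added example; operation number, frequency and timeout are assumed values.
! ICMP echo from the Site A inside address to the Site B inside address, so each
! probe is traffic that has to cross the tunnel (assumes the crypto ACL matches
! 192.168.10.1 -> 192.168.11.1).
ip sla monitor 10
 type echo protocol ipIcmpEcho 192.168.11.1 source-ipaddr 192.168.10.1
 timeout 5000
 frequency 30
!
! Start now and keep running; once saved to startup-config it restarts after a reload.
ip sla monitor schedule 10 life forever start-time now
!
! On 12.4T and later the same operation is written as:
!  ip sla 10
!   icmp-echo 192.168.11.1 source-ip 192.168.10.1
!   timeout 5000
!   frequency 30
!  ip sla schedule 10 life forever start-time now
!
! Check from exec mode that the probes succeed and the SAs are up:
!  show ip sla monitor statistics 10
!  show crypto isakmp sa
!  show crypto ipsec sa
```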

Tags: Cisco Security

Similar Questions

  • Old Airport Express lost after reset of the router, the connection cannot be seen/accessed

    the train:

    -Mid 2009 MacBook Pro, OS Yosemite 10.10.5, AirPort Utility 6.3.5

    -Existing wifi network via a former Ubiquiti AC wifi or router which gets internet radio antenna on the roof of the local ISP.

    -old (1st gen.) A1084 Airport Express used only as a customer to listen to the music of the said Macbook.

    I am a musician who has been using my old AEX to listen to the music and the recording via Airplay and Airfoil for my Roland onstage for years without problem. I don't remember how I initially put in place, but I think it's as a customer only... IE, it broadcast as its own wireless network, or extend my network wifi etc, I just use it for listening to music.

    Well, a week earlier, a disgruntled rogue ex-my local ISP hacked their radio tower and all the customer routers turned into useless bricks (and also all our wifi network names changed to a name that begins with "mother" and ends by "-ers", but that's another story).

    Local ISP technicians have managed to get my router all re - set up and working, but I had to reconfigure my wireless devices (example: wifi printer) from scratch to be able to connect again.

    The tenacious hold on is this old Airport Express.

    I try to use the instructions found online to get connected again, but nothing does.

    Yes, I tried pressing the Reset button for 10 seconds, etc... It just goes at once to flashing orange or sometimes a solid orange light, and AirPort Utility doesn't see it. I tried plugging its Ethernet port into the router's LAN port to see if AirPort Utility would see it; no change, AirPort Utility reports no base stations found. There is no AirPort icon in my menu bar and no AirPlay icon in any relevant application such as iTunes.

    Remember that in past I was able to reset/reconnect after network changes, it seems to me (I don't remember how). BTW, its location is located a few feet from the router, in order to hang it up through ethernet is easy if need be.

    Once again, I only want to not to listen to the music and the tracking records of my Macbook. Roland aren't in a convenient place for an electrician. As you can tell the age of my stuff, I'm a starving musician, don't want to have to buy something new.

    Help?

    Hello lisajoy,

    Thank you for using Apple Support Communities. I see that you are having some connection problems with your AirPort Express. You did a great job trying to get this resolved on your own! I'm happy to help you.

    To troubleshoot getting the AirPort connected, please try the steps in this link:

    AirPort Express: How to join an existing Wi-Fi network in client mode

    If you connect and are experiencing problems using AirPlay and iTunes, here's some more information:

    Wi-Fi base stations: how to install and configure AirPort Express for AirPlay and iTunes

    Have a fantastic day!

  • WRT54GS cannot connect after reset of the router

    Hi guys, so I use this modem that my friend gave me, works very well in its place. I wanted to reset the modem for reasons that I can't remember. (I am connected via a modem cable btw). The internet was working fine when I paste like a leech wireless instead of him, but when he took the router and connected here, it wouldn't work. I mean, it shows that I am connected to the router but the router is not connected to the internet. I got hard reset and all 192.168.1.1 copy stuff MAC PC but it won't always connect to internet... can someone help me?

    It works now, thx anyway

  • How to secure the network after reset of the router WRT54G2

    Hello

    I could reset the WRT54G2 router with no problems, I have the IP address as 192.68.2.1 right now, but when I try to record things in the wireless security mode to make my secure system loses connectivity, fall of red zone. Then I can not connect to 192.68.2.1 more. How can I make the network secure? I usually follow the steps for making it from docs online but seems to have problems with it. Is that I can make it safe with the 192.68.1.1 or the amount of the fine with 192.68.2.1?

    San

    Make sure that your computer is connected to the router by an Ethernet cable. If you try to change the settings on your router using a wireless computer, then you will face this problem. So wire your computer to the router, turn off the WiFi feature on your router, then make the changes on your router, and you should be able to save your router settings.

  • every time I erase content and settings on my iphone 6 after reset at the start of my phone and after crossing the screen as Hello > select language > Connect wifi > my iphone doesnot ask me activation lock even if my unit is also found on

    every time I erase content and settings on my iphone 6 after reset at the start of my phone and after crossing the screen as Hello > select language > wifi connection > my iphone doesnot ask me lock activation that says that your iphone is connected with the old apple ID, please enter the id and password

    I always reset on find my optional equipment please tell me how to activate locking activation so that whenever I have factory reset my phone with finding my camera so my phone always ask an old apple and password

    I do not understand your question, but let me go with what I believe. Looks like you signed in to iCloud and erased all the content and settings on the iPhone, and once you go through setting it up again, you do not see something that you expect to see, for example, a request for an Apple ID. When you go through the setup process to select the language, etc., it must, at some point, ask you to identify yourself with your Apple ID. Are you not seeing this?

    It would be better if you try to describe exactly what you do again. Also, without the help of any sign of punctuation, it is difficult to track everything you ask. Try providing the steps of what you do, and then what you see when you get to the point that you believe that something is going wrong. You mention both an old and new Apple ID, which is rather confusing.

  • SSL VPN may be configured on the router from Cisco 881/K9?

    I'm now confused if SSL VPN can be configured on the router from Cisco 881/K9.

    Please someone advise me.

    If Yes, for only 5 users, what I need to buy the license or license is supplied with the router?

    Thank you.

    Yes, and you need a license:

    FL-WEBVPN-10-K9

    SSL VPN feature license for up to 10 users (incremental), for 12.4T-based IOS versions only

    FL-SSLVPN10-K9

    SSL VPN feature license for up to 10 users (incremental), for 15.x-based IOS versions only

  • How to unlock an ipad after reset of the manufacturer?

    How to unlock an iPad after reset of a manufacturer.  Purchased from a third party and do not know the original owner.

    Without the previous owner Apple ID and password, the iPad doesn't help. Not even Apple can help you.

    Get your money back if you can.

  • After reset, can the time change and the date even anyone help

    Recently, I noticed that the date and time of office are not correct. After resetting the date and time, this happens again. I would appreciate any suggestions to help solve this problem

    Hello

    you don't say if it is up to an hour and date as in 2007 etc past after turned off your computer, and then turn it back on at a later date

    If so, this would indicate a battery CMOS failed in the motherboard

    the battery maintains system settings when the computer is turned off

    they cost about $5

    http://www.computerhope.com/issues/ch000239.htm

  • L2L VPN tunnel is reset during IPSec rekey

    I have an L2L VPN tunnel that resets completely, starting with Phase 1, at the expiration of the IPSec Security Association timer.  Although there are several SAs, it always resets the whole tunnel.

    I see the following in the log errors when this happens:

    03/06/2013 12:54:41 Local7.Notice ipRemoved June 3, 2013 12:54:41 LKM-NVP-L2L-01: %ASA-5-713050: Group = ipRemoved, IP = ipRemoved, Connection terminated for peer ipRemoved.  Reason: Peer Terminate  Remote Proxy N/A, Local Proxy N/A

    03/06/2013 12:54:41 Local7.Notice ipRemoved June 3, 2013 12:54:41 LKM-NVP-L2L-01: %ASA-5-713259: Group = ipRemoved, IP = ipRemoved, Session is being torn down. Reason: User Requested

    03/06/2013 12:54:41 Local7.Warning ipRemoved June 3, 2013 12:54:41 LKM-NVP-L2L-01: %ASA-4-113019: Group = ipRemoved, Username = ipRemoved, IP = ipRemoved, Session disconnected. Session Type: IKE, Duration: 4h:00m:06s, Bytes xmt: 260129, Bytes rcv: 223018, Reason: User Requested

    03/06/2013 12:55:33 Local7.Notice ipRemoved June 3, 2013 12:55:33 LKM-NVP-L2L-01: %ASA-5-713041: IP = ipRemoved, IKE Initiator: New Phase 1, Intf inside, IKE Peer ipRemoved  local Proxy Address 204.139.127.24, remote Proxy Address 156.30.21.200, Crypto map (L2LVPN)

    03/06/2013 12:55:33 Local7.Notice ipRemoved June 3, 2013 12:55:33 LKM-NVP-L2L-01: %ASA-5-713119: Group = ipRemoved, IP = ipRemoved, PHASE 1 COMPLETED

    03/06/2013 12:55:33 Local7.Notice ipRemoved June 3, 2013 12:55:33 LKM-NVP-L2L-01: %ASA-5-713049: Group = ipRemoved, IP = ipRemoved, Security negotiation complete for LAN-to-LAN Group (ipRemoved)  Initiator, Inbound SPI = 0x9213bdc9, Outbound SPI = 0x1799a099

    03/06/2013 12:55:33 Local7.Notice ipRemoved June 3, 2013 12:55:33 LKM-NVP-L2L-01: %ASA-5-713120: Group = ipRemoved, IP = ipRemoved, PHASE 2 COMPLETED (msgid=b8a47603)

    03/06/2013 13:02:11 Local7.Notice ipRemoved June 3, 2013 13:02:11 LKM-NVP-L2L-01: %ASA-5-713041: Group = ipRemoved, IP = ipRemoved, IKE Initiator: New Phase 2, Intf inside, IKE Peer ipRemoved  local Proxy Address 204.139.127.71, remote Proxy Address 156.30.21.200, Crypto map (L2LVPN)

    03/06/2013 13:02:11 Local7.Notice ipRemoved June 3, 2013 13:02:11 LKM-NVP-L2L-01: %ASA-5-713049: Group = ipRemoved, IP = ipRemoved, Security negotiation complete for LAN-to-LAN Group (ipRemoved)  Initiator, Inbound SPI = 0x93f9be6c, Outbound SPI = 0x1799a16d

    03/06/2013 13:02:11 Local7.Notice ipRemoved June 3, 2013 13:02:11 LKM-NVP-L2L-01: %ASA-5-713120: Group = ipRemoved, IP = ipRemoved, PHASE 2 COMPLETED (msgid=1f6c9acd)

    Any thoughts on why it would do that?

    Thank you.

    Jason

    Hello

    Both log messages seem to suggest that the remote end is closing/clearing the connection.

    Is this a new connection that suffers from this problem, or has it started on an existing connection?

    The Cisco documentation for these syslog messages does not really give any useful information about them.

    I guess that your problem is that TCP connections through the L2L VPN suffer from the complete renegotiations of the L2L VPN.

    I wonder if the following configuration can help, even if this situation persists:

    sysopt connection preserve-vpn-flows

    Here is a link to the ASA command reference (8.4-8.6 software) with a better explanation of this configuration.

    http://www.Cisco.com/en/us/docs/security/ASA/asa84/command/reference/S8.html#wp1538395

    It is not enabled by default on the ASA.

    Hope this helps

    -Jouni

  • waitForUpdates method does not detect updates after reset of the connection

    Hello

    In my case, I use the waitForUpdates() method to detect VMotions (i.e. whenever a VMotion happens I try to get the update using this method). It works perfectly in normal use.

    But all of a sudden, after a reset of the VC connection, the waitForUpdates() method does not give me updates.

    When the session id gets modified waitForUpdates (propertyCollector, version) would also have a new propertyCollector object (to give you the new collector of property obtained with the new connection object), so even now why it does not return me the updates after the reset of the connection.

    Please let me know if I'm doing something wrong in the treatment of this.

    Please let me know how to handle the connection reset and collect updates later.  Which can affect the waitForupdates in updates outside the collector property object to return.

    I even tried with the checkForUpdates method was the same behavior.

    Thanks in advance.

    Please check whether you create the PropertyFilter after the connection reset. Proper initialization of the property filter should solve your problem.

    Thank you

    Aditya

  • Windows asking a key, after resetting to the factory settings.

    Hello

    I have upgraded to windows windows 10 8, did not work and not a not works well, but I missed the deadline of one month to downgrade back. I had a problem when starting and decided to reset to the factory settings. Now I'm back on windows 8, which came with the laptop, but its asks me to enter the windows key 8.

    I read about it being in the bios and no more on the laptop of physics, but I checked using belarc advisor and its give a product key with a lot of ' 0 which is not accepted in when you try to put in the actual key.

    I bought the laptop from hp in 2014. Not exactly what should be done now, or how to get the key.

    Hello

    You need to reinstall the exact same edition of 8/8.1 as was originally preinstalled on it.

    Follow these steps and do a phone Activation and brace yourself for a real person to help you.

    "How to activate Windows 8 and 8.1 telephone"

    http://www.eightforums.com/tutorials/24636-activate-Windows-8-phone.html

    SECOND OPTION

    To activate Windows 8.1 by phone

    1. Do step 2, 3, 4, 5 or 6 below for what you want or are able to do.

    2. Press Windows + R to open the Run dialog box, type slui.exe 4, press Enter and skip to step 7 below.

    3. Open a command prompt, type slui.exe 4, press Enter and skip to step 7 below.

    4. Open the Power User Tasks menu, click/tap on System and go to step 5 below.

    5. Open the Control Panel (icons view) and click/tap on the System icon.

    (A) Click/tap on Activate Windows in the lower-right corner under the Activate Windows title and continue with step 7 below. (see screenshot below)

    6. Open PC settings, click/tap on Activate Windows on the left side.

    Etc.

    See you soon.

  • L2l VPN with public ip of the router and firewall with private IP

    Dear all,

    I have a requirement for a site-to-site VPN configuration, but the firewall on the remote end does not have a public IP; the public IP address is terminated on the router. Please find the attached diagram

    LAN--> Firewall - privateip--> router-publicip - ISP

    How can I set up the site-to-site VPN tunnel? I would appreciate urgent assistance

    Thanks in advance...

    Mikael

    You can configure 1:1 static NAT on the router for the ASA outside interface, using a spare public IP address.

    If you don't have a spare public IP address, then you must configure static PAT for UDP/500 and UDP/4500 on the router and enable NAT-T on the ASA.

  • Satellite Pro M70 failed to refresh an IP address after reboot of the router

    My laptop is not able to repair the Wi - Fi connection is if I reset the router. I have to power cycle the phone so he can always reconnect as it gets stuck on getting the network address... Known problems with the hotfix on this matter or anything...?

    Thank you

    Huw D.

    Hello Huw

    As far as I know there are no known problems with the WIFI connection, and I don't know exactly what happens with your WIFI connection. After the reboot of the router, try turning off the WIRELESS card for a short while, turn it back on and try to connect again.

    The parameters are the same and nothing should be changed.

    Good bye

  • Help: Laserjet M1536dnf does not scan after replacement of the router

    Hello

    I have a LJ1536 that has worked well until I had to replace my network router after it failed. Now, I can print on both computers I have in the same local network, copy locally in the printer, but will not scan. The printer is connected to the router via an access point configured as client and connected to the printer wireless. After the failure this AP router had to be reconfigured to the new router.

    I tried scanning disabling firewall and anti-virus, delete and reinstall all software using the latest version on the web and nothing. FX HP Toolbox works very well. HP Print and doctor Scan did not help. WIA service is Started (auto mode) on the computers.

    I get this message on both computers when attempting to scan:

    Scanner unreachable

    Scanner communication cannot be established. Make sure that your product is powered on, check the connection and make sure that your network is working properly. If these conditions are correct, restart the product and try to scan the image.

    If you are running a software firewall, it can block scan communication. Please visit www.hp.com/go/wirelessprinting for help to configure your firewall.

    Configuration:

    Windows 7 64-bit on both computers

    LF1536 FW dated 14/01/2013

    Any suggestion?

    Hi Jhenrichs,

    Thanks for the reply.  If the AP was configured to the router manufacturer's specifications, it should allow communication as it did with the previous configuration.  Check the settings below, which may fix the problem.

    The AP settings:

    1. Make sure that port forwarding is disabled

    2. Disable DHCP (this should only be enabled on the real router); it can be set to automatic or static, but disable DHCP on the access point

    I hope this helps!

  • Touchpad 32 GB Causes Reset of the router E4200 Linksys (Cisco)

    I just got my new HP Touchpad 32 GB today.  It connects to my home network without any problems.  However, whenever I try to use the App Catalog from HP or to download an application, it causes my Linksys (Cisco) device to reset.  My router has reset about 10 times so far.  Is this a known issue?

    I updated the firmware on the router to 1.03 and it always resets on a regular basis.

    Kind regards

    Ultrajones

    Turns out to be a faulty Cisco E4200.