The problem is when the ADSL line goes down and the tunnel drops. It needs long time to vpn start working again. Sometime 30 minutes.
Commands on main office router: 'crypto session current status' and 'show crypto isakmp sa' shows:
Interface: Virtual-Access4
Username: bjelis_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.143.178.247 port 24184
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.143.178.247/24184 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access6
Username: kopanica_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.143.225.57 port 59893
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.143.225.57/59893 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access5
Username: draganec_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 78.1.136.4 port 12294
IKE SA: local xxx.xxx.xxx.xx/500 remote 78.1.136.4/12294 Active - old adsl connection, why is still active??
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access11
Username: draganec_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.141.77.248 port 20937
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.141.77.248/20937 Active - new adsl connection
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Sometimes i see UP-IDLE on old adsl connection too.
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
xxx.xxx.xxx.xx 93.143.178.247 QM_IDLE 3038 0 ACTIVE
xxx.xxx.xxx.xx 78.0.68.86 QM_IDLE 2091 0 ACTIVE
xxx.xxx.xxx.xx 93.143.225.57 QM_IDLE 2078 0 ACTIVE
xxx.xxx.xxx.xx 93.141.77.248 QM_IDLE 2096 0 ACTIVE - new adsl connection
xxx.xxx.xxx.xx 78.1.136.4 QM_IDLE 2095 0 ACTIVE - old adsl connection
As you can see there are few locations, but just this one is making problems.
What can i do to speed this up?
Thanks
Commands on main office router: 'crypto session current status' and 'show crypto isakmp sa' shows:
Interface: Virtual-Access4
Username: bjelis_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.143.178.247 port 24184
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.143.178.247/24184 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access6
Username: kopanica_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.143.225.57 port 59893
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.143.225.57/59893 Active
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access5
Username: draganec_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 78.1.136.4 port 12294
IKE SA: local xxx.xxx.xxx.xx/500 remote 78.1.136.4/12294 Active - old adsl connection, why is still active??
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Interface: Virtual-Access11
Username: draganec_r1
Profile: sdm-ike-profile-1
Group: vpngrupa
Session status: UP-ACTIVE
Peer: 93.141.77.248 port 20937
IKE SA: local xxx.xxx.xxx.xx/500 remote 93.141.77.248/20937 Active - new adsl connection
IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 0.0.0.0/0.0.0.0
Active SAs: 2, origin: crypto map
Sometimes i see UP-IDLE on old adsl connection too.
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
xxx.xxx.xxx.xx 93.143.178.247 QM_IDLE 3038 0 ACTIVE
xxx.xxx.xxx.xx 78.0.68.86 QM_IDLE 2091 0 ACTIVE
xxx.xxx.xxx.xx 93.143.225.57 QM_IDLE 2078 0 ACTIVE
xxx.xxx.xxx.xx 93.141.77.248 QM_IDLE 2096 0 ACTIVE - new adsl connection
xxx.xxx.xxx.xx 78.1.136.4 QM_IDLE 2095 0 ACTIVE - old adsl connection
As you can see there are few locations, but just this one is making problems.
What can i do to speed this up?
Thanks
