How to re-establish vpn link without reload? 1

[zacca]

Hi there,

My pix515e connected to 2 remote pix506e, they were running fine up to this morning, suddenly my 515e vpn tunnels to both 506e dropped, after reboot 515e, both vpn links up again.

Just wondering except from reload the 515e, what else can I do to force re-establish the vpn links?

Also, what can I do to check what caused the vpn drop?

Thanks in advance for your help!

 

[zacca]

One more info, when the vpn dropped, show crypto isakmp sa show no entries at all. Many thanks!

 

[chicocouk]

run the following debugs when they go down.

debug crypto ipsec sa
debug crypto isakmp sa

Results should show where the vpns are failing, phase 1 or phase 2.

Be sure to drop the vpn at both ends of the tunnel if they won't come up again, ie, to clear all existing ipsec and isakmp SAs;

clear crypto ipsec sa
clear crypto isakmp sa


To be more specific, if you have other vpn tunnels you don't want to disturb, to clear the IPSec SA to address 10.0.0.1, which uses ESP, with an SPI of 256;

clear crypto ipsec sa entry 10.0.0.1 ESP 256



CCNA, MCSE, Cisco Firewall specialist, VPN specialist, wannabe CCSP