Solved

Cisco VPN Concentrator 3000 - lost lan-to-lan sessions after reboot. Please help!

Posted on 2004-08-17
7
618 Views
Last Modified: 2010-04-11
Hi there,

We had a little power surge and lost our connection to one of our sites. (other sites were ok). I decided to reboot the concentrator and cannot reconnect the lan-to-lan sessions for any of our sites now. I simply thought everything would come back on-line, well at least the sites that were working fine but this was not the case.

How do i re-establish lan-to-lan connections on the Cisco VPN Concentrator 3000?

Please help!
0
Comment
Question by:Fernando
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:ngravatt
ID: 11821356
check:
Configuration | Tunneling and Security | IPSec | LAN-to-LAN

are the entries still there?

If so, disable, then re-enable them.  
0
 

Author Comment

by:Fernando
ID: 11822285
There is no option to disable or re-enable.

Under Configuration i have; |System||Tunneling Protocols||IPSEC||Lan-to-Lan|.

Then: |Add||Modify| & |Delete|

The 3 sites are listed and settings are all good. 2 of the 3 have come back on since I last posted but I would assume it was because a connection was requested from the remote sites themselves. I need to logon to the one that's still down.

- Melbourne
- Brisbane

...were up before reboot.

NZ went down after power surge.

- NZ
- Brisbane

...are back online now.

Melbourne is still down.

I'm a bit sleepy and tired atm, so please excuse my description... :)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11823565
if you select Melbourne and then click modify, you can have the option to disable or enable the connection.  I am not sure that this will work, but i thought that that might initailize the connection.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Expert Comment

by:chrisdixon
ID: 11843886
as ngravatt said above, there should be a tickbox at the top of the conguration page for each LAN-LAN tunnel
(system->tunneling protocols->ipsec->LAN to LAN select a tunnel then 'modify').
Having said that, if your box had been corrupted in any way, the chances are that nothing would work!

LAN-LAN tunnels only come up if traffic destined for them actually hits the VPN concentrator. The best way to get your tunnels up is to 'ping' devices on the remote sites from a local PC, whilst refershing the 'Monitoring-Sessions' page to see if the connections are being made.
0
 

Author Comment

by:Fernando
ID: 11848130
Eventually Melbourne was back up when I returned in the morning. Either way, if it happens again...

What do I ping? An internal IP on the remote site or the external internet IP of the remote site?

I have Current Software Revision:
Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.7.B Feb 27 2003 21:27:06

I don't have that option you are both referring to. Is this an OLD version? Is updating the software when everything is working fine recommended?

Thanks
0
 

Expert Comment

by:chrisdixon
ID: 11850039
To initiate the Tunnel (in the absence of any 'normal' LAN to LAN traffic which will kick the tunnel into life for you), ping a device in the remote LAN from a PC in your LAN. You have to send some traffic over the tunnel.

Your VPN3000 software isn't *too* old, but newer versions are available. We are running version 4.1.5, which also supports 'clientless' SSL VPN sessions (AKA WebVPN). Upgrading the OS won't do any harm.
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 500 total points
ID: 11851934
yeah, i am using
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.4.Rel Apr 28 2004 18:31:58

yes it is reccommended to update when everything is working fine.  This will ensure that you do not have any more problems in the future.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question