Solved

Cisco VPN Concentrator 3000 - lost lan-to-lan sessions after reboot. Please help!

Posted on 2004-08-17
7
608 Views
Last Modified: 2010-04-11
Hi there,

We had a little power surge and lost our connection to one of our sites. (other sites were ok). I decided to reboot the concentrator and cannot reconnect the lan-to-lan sessions for any of our sites now. I simply thought everything would come back on-line, well at least the sites that were working fine but this was not the case.

How do i re-establish lan-to-lan connections on the Cisco VPN Concentrator 3000?

Please help!
0
Comment
Question by:Fernando
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:ngravatt
ID: 11821356
check:
Configuration | Tunneling and Security | IPSec | LAN-to-LAN

are the entries still there?

If so, disable, then re-enable them.  
0
 

Author Comment

by:Fernando
ID: 11822285
There is no option to disable or re-enable.

Under Configuration i have; |System||Tunneling Protocols||IPSEC||Lan-to-Lan|.

Then: |Add||Modify| & |Delete|

The 3 sites are listed and settings are all good. 2 of the 3 have come back on since I last posted but I would assume it was because a connection was requested from the remote sites themselves. I need to logon to the one that's still down.

- Melbourne
- Brisbane

...were up before reboot.

NZ went down after power surge.

- NZ
- Brisbane

...are back online now.

Melbourne is still down.

I'm a bit sleepy and tired atm, so please excuse my description... :)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11823565
if you select Melbourne and then click modify, you can have the option to disable or enable the connection.  I am not sure that this will work, but i thought that that might initailize the connection.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Expert Comment

by:chrisdixon
ID: 11843886
as ngravatt said above, there should be a tickbox at the top of the conguration page for each LAN-LAN tunnel
(system->tunneling protocols->ipsec->LAN to LAN select a tunnel then 'modify').
Having said that, if your box had been corrupted in any way, the chances are that nothing would work!

LAN-LAN tunnels only come up if traffic destined for them actually hits the VPN concentrator. The best way to get your tunnels up is to 'ping' devices on the remote sites from a local PC, whilst refershing the 'Monitoring-Sessions' page to see if the connections are being made.
0
 

Author Comment

by:Fernando
ID: 11848130
Eventually Melbourne was back up when I returned in the morning. Either way, if it happens again...

What do I ping? An internal IP on the remote site or the external internet IP of the remote site?

I have Current Software Revision:
Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.7.B Feb 27 2003 21:27:06

I don't have that option you are both referring to. Is this an OLD version? Is updating the software when everything is working fine recommended?

Thanks
0
 

Expert Comment

by:chrisdixon
ID: 11850039
To initiate the Tunnel (in the absence of any 'normal' LAN to LAN traffic which will kick the tunnel into life for you), ping a device in the remote LAN from a PC in your LAN. You have to send some traffic over the tunnel.

Your VPN3000 software isn't *too* old, but newer versions are available. We are running version 4.1.5, which also supports 'clientless' SSL VPN sessions (AKA WebVPN). Upgrading the OS won't do any harm.
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 500 total points
ID: 11851934
yeah, i am using
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.4.Rel Apr 28 2004 18:31:58

yes it is reccommended to update when everything is working fine.  This will ensure that you do not have any more problems in the future.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now