?
Solved

Cisco VPN Concentrator 3000 - lost lan-to-lan sessions after reboot. Please help!

Posted on 2004-08-17
7
Medium Priority
?
637 Views
Last Modified: 2010-04-11
Hi there,

We had a little power surge and lost our connection to one of our sites. (other sites were ok). I decided to reboot the concentrator and cannot reconnect the lan-to-lan sessions for any of our sites now. I simply thought everything would come back on-line, well at least the sites that were working fine but this was not the case.

How do i re-establish lan-to-lan connections on the Cisco VPN Concentrator 3000?

Please help!
0
Comment
Question by:Fernando
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:ngravatt
ID: 11821356
check:
Configuration | Tunneling and Security | IPSec | LAN-to-LAN

are the entries still there?

If so, disable, then re-enable them.  
0
 

Author Comment

by:Fernando
ID: 11822285
There is no option to disable or re-enable.

Under Configuration i have; |System||Tunneling Protocols||IPSEC||Lan-to-Lan|.

Then: |Add||Modify| & |Delete|

The 3 sites are listed and settings are all good. 2 of the 3 have come back on since I last posted but I would assume it was because a connection was requested from the remote sites themselves. I need to logon to the one that's still down.

- Melbourne
- Brisbane

...were up before reboot.

NZ went down after power surge.

- NZ
- Brisbane

...are back online now.

Melbourne is still down.

I'm a bit sleepy and tired atm, so please excuse my description... :)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 11823565
if you select Melbourne and then click modify, you can have the option to disable or enable the connection.  I am not sure that this will work, but i thought that that might initailize the connection.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Expert Comment

by:chrisdixon
ID: 11843886
as ngravatt said above, there should be a tickbox at the top of the conguration page for each LAN-LAN tunnel
(system->tunneling protocols->ipsec->LAN to LAN select a tunnel then 'modify').
Having said that, if your box had been corrupted in any way, the chances are that nothing would work!

LAN-LAN tunnels only come up if traffic destined for them actually hits the VPN concentrator. The best way to get your tunnels up is to 'ping' devices on the remote sites from a local PC, whilst refershing the 'Monitoring-Sessions' page to see if the connections are being made.
0
 

Author Comment

by:Fernando
ID: 11848130
Eventually Melbourne was back up when I returned in the morning. Either way, if it happens again...

What do I ping? An internal IP on the remote site or the external internet IP of the remote site?

I have Current Software Revision:
Cisco Systems, Inc./VPN 3000 Concentrator Version 3.6.7.B Feb 27 2003 21:27:06

I don't have that option you are both referring to. Is this an OLD version? Is updating the software when everything is working fine recommended?

Thanks
0
 

Expert Comment

by:chrisdixon
ID: 11850039
To initiate the Tunnel (in the absence of any 'normal' LAN to LAN traffic which will kick the tunnel into life for you), ping a device in the remote LAN from a PC in your LAN. You have to send some traffic over the tunnel.

Your VPN3000 software isn't *too* old, but newer versions are available. We are running version 4.1.5, which also supports 'clientless' SSL VPN sessions (AKA WebVPN). Upgrading the OS won't do any harm.
0
 
LVL 10

Accepted Solution

by:
ngravatt earned 1500 total points
ID: 11851934
yeah, i am using
Cisco Systems, Inc./VPN 3000 Concentrator Version 4.1.4.Rel Apr 28 2004 18:31:58

yes it is reccommended to update when everything is working fine.  This will ensure that you do not have any more problems in the future.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question