L-Plate
asked on
GRE tunnel keepalives not working on 1 end
hi,
i am trying to enable GRE tunnel keepalives in order for our floating static routes to kick in should there be a problem in the GRE tunnel path.
we operate a hub and spoke network. The GRE tunnels are IPSEC protected using crypto maps.
wehn i enable the keepalives on the tunnel interfaces, at the hub end we get replies and the tunnel is in up/up state, but at the remote site the router sends the keepalive but does not get the reply, and this puts the tunnel interface in a up/down state
debugs...
debug tunnel keepalive at hub...
UK-VPN-RTR-3825-01#
Oct 5 07:56:50.456: Tunnel178: sending keepalive, 62.28.21.152->213.86.84.36
en=24 ttl=255), counter=1
Oct 5 07:56:50.520: Tunnel178: keepalive received, 62.28.21.152->213.86.84.36
len=24 ttl=245), resetting counter
and also the same debug at the remote site...
277303: Oct 4 11:37:11.473 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18840
277337: Oct 4 11:37:16.472 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18841
277345: Oct 4 11:37:21.471 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18842
i am trying to enable GRE tunnel keepalives in order for our floating static routes to kick in should there be a problem in the GRE tunnel path.
we operate a hub and spoke network. The GRE tunnels are IPSEC protected using crypto maps.
wehn i enable the keepalives on the tunnel interfaces, at the hub end we get replies and the tunnel is in up/up state, but at the remote site the router sends the keepalive but does not get the reply, and this puts the tunnel interface in a up/down state
debugs...
debug tunnel keepalive at hub...
UK-VPN-RTR-3825-01#
Oct 5 07:56:50.456: Tunnel178: sending keepalive, 62.28.21.152->213.86.84.36
en=24 ttl=255), counter=1
Oct 5 07:56:50.520: Tunnel178: keepalive received, 62.28.21.152->213.86.84.36
len=24 ttl=245), resetting counter
and also the same debug at the remote site...
277303: Oct 4 11:37:11.473 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18840
277337: Oct 4 11:37:16.472 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18841
277345: Oct 4 11:37:21.471 GMT: Tunnel179: sending keepalive, 213.86.84.36->62.
28.21.152 (len=24 ttl=255), counter=18842
ArneLovius
how many retries do you have set ?
ASKER
any help on this please guys?
ASKER
hi there,
the command on the tunnel interface is keepalive 5 4
so i guess 4 retries
the command on the tunnel interface is keepalive 5 4
so i guess 4 retries
Can you post your route configs?
Do you have any ACL or Firewall between these routers that would allow the keepalives on way but not the other?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
hi Soulja,
i think i read this same link the other day. we use crypto maps for the IPSEC tunnels at both ends, and the match address staement in the crypto maps simply matches the gre traffic from router to router at each end. i have not even heard of the tunnel method protection to be honest.
Our inbound access lists on the routers permit gre, isakmp and esp traffic from router to router.
do you need to see just the gre tunnel config from each router?
i think i read this same link the other day. we use crypto maps for the IPSEC tunnels at both ends, and the match address staement in the crypto maps simply matches the gre traffic from router to router at each end. i have not even heard of the tunnel method protection to be honest.
Our inbound access lists on the routers permit gre, isakmp and esp traffic from router to router.
do you need to see just the gre tunnel config from each router?
To keep it simple, post the entire sanitized configs.
ASKER
remote site router where tunnel goes down...
crypto map PORTUGALWH 179 ipsec-isakmp
description ## ENCRYPT GRE TUNNEL TO UK BILSTON ##
set peer 213.86.84.36
set transform-set PORTUGAL_3DES_GRE
match address 179
interface Tunnel179
description ## ENCRYPT GRE TUNNEL TO UK BILSTON ##
bandwidth 2048
ip unnumbered Vlan1
no ip redirects
no ip proxy-arp
ip mtu 1440
ip virtual-reassembly
keepalive 5 4
tunnel source Dialer1
tunnel destination 213.86.84.36
crypto map PORTUGALWH
access-list 179 permit gre host 62.28.21.152 host 213.86.84.36
hub site router where tunnel stays up...
crypto map UK 178 ipsec-isakmp
description ## ENCRYPT GRE TUNNEL TO PORTUGAL WH ##
set peer 62.28.21.152
set transform-set UK_3DES_GRE
match address 178
interface Tunnel178
description ## ENCRYPT GRE TUNNEL TO PORTUGAL WH ##
bandwidth 2048
ip unnumbered GigabitEthernet0/0
no ip redirects
no ip proxy-arp
ip mtu 1440
ip virtual-reassembly
keepalive 5 4
tunnel source 213.86.84.36
tunnel destination 62.28.21.152
! the crypto map on this router is applied to the outside interface only, not the individual tunnel interfaces...
interface GigabitEthernet0/1
description WAN
bandwidth 10000
ip address 213.86.84.36 255.255.255.224
ip access-group outside_access_in in
duplex full
speed 100
media-type rj45
crypto map UK
crypto map PORTUGALWH 179 ipsec-isakmp
description ## ENCRYPT GRE TUNNEL TO UK BILSTON ##
set peer 213.86.84.36
set transform-set PORTUGAL_3DES_GRE
match address 179
interface Tunnel179
description ## ENCRYPT GRE TUNNEL TO UK BILSTON ##
bandwidth 2048
ip unnumbered Vlan1
no ip redirects
no ip proxy-arp
ip mtu 1440
ip virtual-reassembly
keepalive 5 4
tunnel source Dialer1
tunnel destination 213.86.84.36
crypto map PORTUGALWH
access-list 179 permit gre host 62.28.21.152 host 213.86.84.36
hub site router where tunnel stays up...
crypto map UK 178 ipsec-isakmp
description ## ENCRYPT GRE TUNNEL TO PORTUGAL WH ##
set peer 62.28.21.152
set transform-set UK_3DES_GRE
match address 178
interface Tunnel178
description ## ENCRYPT GRE TUNNEL TO PORTUGAL WH ##
bandwidth 2048
ip unnumbered GigabitEthernet0/0
no ip redirects
no ip proxy-arp
ip mtu 1440
ip virtual-reassembly
keepalive 5 4
tunnel source 213.86.84.36
tunnel destination 62.28.21.152
! the crypto map on this router is applied to the outside interface only, not the individual tunnel interfaces...
interface GigabitEthernet0/1
description WAN
bandwidth 10000
ip address 213.86.84.36 255.255.255.224
ip access-group outside_access_in in
duplex full
speed 100
media-type rj45
crypto map UK
What are the contents of this acl outside_access_in. This is why I asked to post the entire config.
can you also post access-list 178?
ASKER
sorry, my entire config on the hub router is huge, we have so many remote sites, but anyway, here is the contents of the acl in, and also acl 178. below this i will put the same configs for the remote site router...
ip access-list extended outside_access_in
permit udp host 77.40.215.162 host 213.86.84.36 eq isakmp
permit gre host 77.40.215.162 host 213.86.84.36
permit esp host 77.40.215.162 host 213.86.84.36
permit udp host 83.69.34.243 host 213.86.84.36 eq isakmp
permit gre host 82.148.34.117 host 213.86.84.36
permit udp host 82.148.34.117 host 213.86.84.36 eq isakmp
permit esp host 82.148.34.117 host 213.86.84.36
permit gre host 83.69.34.243 host 213.86.84.36
permit esp host 83.69.34.243 host 213.86.84.36
permit udp host 81.243.250.57 host 213.86.84.36 eq isakmp
permit udp host 195.39.71.6 host 213.86.84.36 eq isakmp
permit udp host 195.235.210.35 host 213.86.84.36 eq isakmp
permit gre host 195.235.210.35 host 213.86.84.36
permit esp host 195.235.210.35 host 213.86.84.36
permit gre host 84.252.208.82 host 213.86.84.36
permit esp host 84.252.208.82 host 213.86.84.36
permit udp host 84.252.208.82 host 213.86.84.36 eq isakmp
permit gre host 195.39.71.6 host 213.86.84.36
permit esp host 195.39.71.6 host 213.86.84.36
permit gre host 81.243.250.57 host 213.86.84.36
permit udp host 80.235.14.122 host 213.86.84.36 eq isakmp
permit udp host 217.108.54.201 host 213.86.84.36 eq isakmp
permit gre host 217.108.54.201 host 213.86.84.36
permit esp host 217.108.54.201 host 213.86.84.36
permit gre host 62.168.12.22 host 213.86.84.36
permit esp host 62.168.12.22 host 213.86.84.36
permit gre host 80.235.14.122 host 213.86.84.36
permit esp host 80.235.14.122 host 213.86.84.36
permit gre host 91.82.126.170 host 213.86.84.36
permit esp host 91.82.126.170 host 213.86.84.36
permit udp host 91.82.126.170 host 213.86.84.36 eq isakmp
permit esp host 193.92.136.189 host 213.86.84.36
permit udp host 193.92.136.189 host 213.86.84.36 eq isakmp
permit gre host 82.76.22.162 host 213.86.84.36
permit esp host 82.76.22.162 host 213.86.84.36
permit udp host 82.76.22.162 host 213.86.84.36 eq isakmp
permit esp host 82.141.232.167 host 213.86.84.36
permit udp host 82.141.232.167 host 213.86.84.36 eq isakmp
permit gre host 82.141.232.167 host 213.86.84.36
permit esp host 194.78.62.249 host 213.86.84.36
permit udp host 194.78.62.249 host 213.86.84.36 eq isakmp
permit gre host 194.78.62.249 host 213.86.84.36
permit esp host 80.160.18.254 host 213.86.84.36
permit gre host 80.160.18.254 host 213.86.84.36
permit esp host 81.43.111.79 host 213.86.84.36
permit gre host 81.43.111.79 host 213.86.84.36
permit udp host 81.43.111.79 host 213.86.84.36 eq isakmp
permit udp host 80.160.18.254 host 213.86.84.36 eq isakmp
permit esp host 80.121.255.154 host 213.86.84.36
permit udp host 80.121.255.154 host 213.86.84.36 eq isakmp
permit gre host 80.121.255.154 host 213.86.84.36
permit esp host 62.181.206.66 host 213.86.84.36
permit udp host 62.181.206.66 host 213.86.84.36 eq isakmp
permit gre host 62.181.206.66 host 213.86.84.36
permit esp host 81.214.137.132 host 213.86.84.36
permit udp host 81.214.137.132 host 213.86.84.36 eq isakmp
permit gre host 81.214.137.132 host 213.86.84.36
permit gre host 84.14.12.50 host 213.86.84.36
permit esp host 84.14.12.50 host 213.86.84.36
permit udp host 84.14.12.50 host 213.86.84.36 eq isakmp
permit gre host 212.18.46.98 host 213.86.84.36
permit esp host 212.18.46.98 host 213.86.84.36
permit udp host 212.18.46.98 host 213.86.84.36 eq isakmp
permit esp host 65.171.12.3 host 213.86.84.36
permit udp host 65.171.12.3 host 213.86.84.36 eq isakmp
permit gre host 65.171.12.3 host 213.86.84.36
permit esp host 217.37.142.21 host 213.86.84.36
permit udp host 217.37.142.21 host 213.86.84.36 eq isakmp
permit gre host 217.37.142.21 host 213.86.84.36
permit esp host 212.97.47.250 host 213.86.84.36
permit udp host 212.97.47.250 host 213.86.84.36 eq isakmp
permit gre host 212.97.47.250 host 213.86.84.36
permit esp host 62.23.116.210 host 213.86.84.36
permit udp host 62.23.116.210 host 213.86.84.36 eq isakmp
permit gre host 62.23.116.210 host 213.86.84.36
permit esp host 192.38.226.58 host 213.86.84.36
permit udp host 192.38.226.58 host 213.86.84.36 eq isakmp
permit gre host 192.38.226.58 host 213.86.84.36
permit esp host 194.20.6.58 host 213.86.84.36
permit udp host 194.20.6.58 host 213.86.84.36 eq isakmp
permit gre host 194.20.6.58 host 213.86.84.36
permit gre host 82.148.33.201 host 213.86.84.36
permit esp host 212.42.191.29 host 213.86.84.36
permit udp host 212.42.191.29 host 213.86.84.36 eq isakmp
permit gre host 212.42.191.29 host 213.86.84.36
permit gre host 195.47.106.203 host 213.86.84.36
permit esp host 84.14.90.26 host 213.86.84.36
permit udp host 84.14.90.26 host 213.86.84.36 eq isakmp
permit gre host 84.14.90.26 host 213.86.84.36
permit udp host 195.47.106.203 host 213.86.84.36 eq isakmp
permit esp host 216.110.25.3 host 213.86.84.36
permit esp host 85.88.145.34 host 213.86.84.36
permit udp host 85.88.145.34 host 213.86.84.36 eq isakmp
permit gre host 85.88.145.34 host 213.86.84.36
permit esp host 62.97.66.234 host 213.86.84.36
permit udp host 62.97.66.234 host 213.86.84.36 eq isakmp
permit gre host 62.97.66.234 host 213.86.84.36
permit esp host 195.47.106.203 host 213.86.84.36
permit esp host 87.139.90.51 host 213.86.84.36
permit udp host 87.139.90.51 host 213.86.84.36 eq isakmp
permit gre host 87.139.90.51 host 213.86.84.36
permit esp host 195.50.151.10 host 213.86.84.36
permit udp host 195.50.151.10 host 213.86.84.36 eq isakmp
permit gre host 195.50.151.10 host 213.86.84.36
permit esp host 80.188.106.153 host 213.86.84.36
permit esp host 81.243.250.57 host 213.86.84.36
permit gre host 195.29.84.134 host 213.86.84.36
permit udp host 195.29.84.134 host 213.86.84.36 eq isakmp
permit esp host 195.29.84.134 host 213.86.84.36
permit udp host 83.71.191.65 host 213.86.84.36 eq isakmp
permit gre host 83.71.191.65 host 213.86.84.36
permit esp host 83.71.191.65 host 213.86.84.36
permit udp host 195.168.42.234 host 213.86.84.36 eq isakmp
permit gre host 195.168.42.234 host 213.86.84.36
permit esp host 195.168.42.234 host 213.86.84.36
permit udp host 195.56.169.77 host 213.86.84.36 eq isakmp
permit gre host 195.56.169.77 host 213.86.84.36
permit esp host 195.56.169.77 host 213.86.84.36
permit esp host 212.4.70.218 host 213.86.84.36
permit udp host 212.4.70.218 host 213.86.84.36 eq isakmp
permit gre host 212.4.70.218 host 213.86.84.36
permit esp host 62.28.21.152 host 213.86.84.36
permit udp host 62.28.21.152 host 213.86.84.36 eq isakmp
permit gre host 62.28.21.152 host 213.86.84.36
permit esp host 193.69.147.194 host 213.86.84.36
permit udp host 193.69.147.194 host 213.86.84.36 eq isakmp
permit gre host 193.69.147.194 host 213.86.84.36
permit esp host 217.197.166.203 host 213.86.84.36
permit udp host 217.197.166.203 host 213.86.84.36 eq isakmp
permit gre host 217.197.166.203 host 213.86.84.36
permit esp host 62.173.177.18 host 213.86.84.36
permit udp host 62.173.177.18 host 213.86.84.36 eq isakmp
permit gre host 62.173.177.18 host 213.86.84.36
permit udp host 85.105.82.34 host 213.86.84.36 eq isakmp
permit gre host 85.105.82.34 host 213.86.84.36
permit udp host 82.148.33.201 host 213.86.84.36 eq isakmp
permit esp host 82.148.33.201 host 213.86.84.36
permit udp host 213.27.198.225 host 213.86.84.36 eq isakmp
permit gre host 213.27.198.225 host 213.86.84.36
permit esp host 213.27.198.225 host 213.86.84.36
permit esp host 85.105.82.34 host 213.86.84.36
permit udp host 62.97.68.18 host 213.86.84.36 eq isakmp
permit gre host 62.97.68.18 host 213.86.84.36
permit esp host 62.97.68.18 host 213.86.84.36
permit gre host 86.47.223.243 host 213.86.84.36
permit esp host 86.47.223.243 host 213.86.84.36
permit udp host 62.168.12.22 host 213.86.84.36 eq isakmp
permit udp host 86.47.223.243 host 213.86.84.36 eq isakmp
permit gre host 213.229.143.18 host 213.86.84.36
permit esp host 213.229.143.18 host 213.86.84.36
permit udp host 213.229.143.18 host 213.86.84.36 eq isakmp
permit udp host 125.255.97.170 host 213.86.84.36 eq isakmp
permit gre host 125.255.97.170 host 213.86.84.36
permit esp host 125.255.97.170 host 213.86.84.36
permit udp host 194.100.134.50 host 213.86.84.36 eq isakmp
permit gre host 194.100.134.50 host 213.86.84.36
permit esp host 194.100.134.50 host 213.86.84.36
permit udp host 216.110.25.3 host 213.86.84.36 eq isakmp
permit gre host 216.110.25.3 host 213.86.84.36
permit gre host 217.108.137.177 host 213.86.84.36
permit esp host 217.108.137.177 host 213.86.84.36
permit udp host 217.108.137.177 host 213.86.84.36 eq isakmp
permit udp host 85.105.172.137 host 213.86.84.36 eq isakmp
permit gre host 85.105.172.137 host 213.86.84.36
permit esp host 85.105.172.137 host 213.86.84.36
permit udp host 78.189.190.15 host 213.86.84.36 eq isakmp
permit gre host 78.189.190.15 host 213.86.84.36
permit esp host 78.189.190.15 host 213.86.84.36
permit udp host 78.189.180.15 host 213.86.84.36 eq isakmp
permit gre host 78.189.180.15 host 213.86.84.36
permit esp host 78.189.180.15 host 213.86.84.36
permit gre host 193.85.249.170 host 213.86.84.36
permit esp host 193.85.249.170 host 213.86.84.36
permit udp host 193.85.249.170 host 213.86.84.36 eq isakmp
permit gre host 212.145.144.166 host 213.86.84.36
permit esp host 212.145.144.166 host 213.86.84.36
permit udp host 212.145.144.166 host 213.86.84.36 eq isakmp
permit gre host 95.60.254.66 host 213.86.84.36
permit esp host 95.60.254.66 host 213.86.84.36
permit udp host 95.60.254.66 host 213.86.84.36 eq isakmp
permit udp host 188.111.86.138 host 213.86.84.36 eq isakmp
permit gre host 188.111.86.138 host 213.86.84.36
permit esp host 188.111.86.138 host 213.86.84.36
permit esp host 90.182.141.126 host 213.86.84.36
permit gre host 90.182.141.126 host 213.86.84.36
permit udp host 90.182.141.126 host 213.86.84.36 eq isakmp
permit udp host 78.189.29.41 host 213.86.84.36 eq isakmp
permit gre host 78.189.29.41 host 213.86.84.36
permit esp host 78.189.29.41 host 213.86.84.36
permit esp host 90.182.146.202 host 213.86.84.36
permit udp host 90.182.146.202 host 213.86.84.36 eq isakmp
permit gre host 90.182.146.202 host 213.86.84.36
permit udp host 212.145.145.138 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.138 host 213.86.84.36
permit esp host 212.145.145.138 host 213.86.84.36
permit udp host 212.145.145.142 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.142 host 213.86.84.36
permit esp host 212.145.145.142 host 213.86.84.36
permit udp host 212.145.145.150 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.150 host 213.86.84.36
permit esp host 212.145.145.150 host 213.86.84.36
permit udp host 81.180.118.220 host 213.86.84.36 eq isakmp
permit gre host 81.180.118.220 host 213.86.84.36
permit esp host 81.180.118.220 host 213.86.84.36
permit udp host 78.189.227.75 host 213.86.84.36 eq isakmp
permit gre host 78.189.227.75 host 213.86.84.36
permit esp host 78.189.227.75 host 213.86.84.36
deny ip any any log
access-list 178 permit gre host 213.86.84.36 host 62.28.21.152
remote site...
ip access-list extended outside_access_in
permit tcp 212.58.55.192 0.0.0.63 host 62.28.21.152 eq 22
permit esp host 84.252.208.82 host 62.28.21.152
permit gre host 84.252.208.82 host 62.28.21.152
permit udp host 84.252.208.82 host 62.28.21.152 eq isakmp
permit icmp host 84.252.208.82 host 62.28.21.152
permit tcp host 84.252.208.82 host 62.28.21.152 eq 22
permit esp host 213.86.84.36 host 62.28.21.152
permit icmp 212.58.55.192 0.0.0.63 host 62.28.21.152
permit icmp 85.88.145.32 0.0.0.3 host 62.28.21.152
permit tcp 85.88.145.32 0.0.0.3 host 62.28.21.152 eq 22
permit gre host 213.86.84.36 host 62.28.21.152
permit esp host 213.86.84.196 host 62.28.21.152
permit gre host 213.86.84.196 host 62.28.21.152
permit udp host 213.86.84.196 host 62.28.21.152 eq isakmp
permit udp host 213.86.84.36 host 62.28.21.152 eq isakmp
permit esp host 216.110.25.3 host 62.28.21.152
permit gre host 216.110.25.3 host 62.28.21.152
permit udp host 216.110.25.3 host 62.28.21.152 eq isakmp
permit esp host 85.88.145.34 host 62.28.21.152
permit gre host 85.88.145.34 host 62.28.21.152
permit udp host 85.88.145.34 host 62.28.21.152 eq isakmp
permit icmp host 85.88.145.34 host 62.28.21.152
permit icmp host 62.48.177.146 host 62.28.21.152
deny ip 10.0.176.0 0.0.15.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip host 255.255.255.255 any log
permit tcp 213.86.84.32 0.0.0.31 host 62.28.21.152 eq 22
permit icmp 213.86.84.32 0.0.0.31 host 62.28.21.152
permit tcp 213.86.84.192 0.0.0.31 host 62.28.21.152 eq 22
permit icmp 213.86.84.192 0.0.0.31 host 62.28.21.152
deny ip any any log
!
access-list 179 permit gre host 62.28.21.152 host 213.86.84.36
ip access-list extended outside_access_in
permit udp host 77.40.215.162 host 213.86.84.36 eq isakmp
permit gre host 77.40.215.162 host 213.86.84.36
permit esp host 77.40.215.162 host 213.86.84.36
permit udp host 83.69.34.243 host 213.86.84.36 eq isakmp
permit gre host 82.148.34.117 host 213.86.84.36
permit udp host 82.148.34.117 host 213.86.84.36 eq isakmp
permit esp host 82.148.34.117 host 213.86.84.36
permit gre host 83.69.34.243 host 213.86.84.36
permit esp host 83.69.34.243 host 213.86.84.36
permit udp host 81.243.250.57 host 213.86.84.36 eq isakmp
permit udp host 195.39.71.6 host 213.86.84.36 eq isakmp
permit udp host 195.235.210.35 host 213.86.84.36 eq isakmp
permit gre host 195.235.210.35 host 213.86.84.36
permit esp host 195.235.210.35 host 213.86.84.36
permit gre host 84.252.208.82 host 213.86.84.36
permit esp host 84.252.208.82 host 213.86.84.36
permit udp host 84.252.208.82 host 213.86.84.36 eq isakmp
permit gre host 195.39.71.6 host 213.86.84.36
permit esp host 195.39.71.6 host 213.86.84.36
permit gre host 81.243.250.57 host 213.86.84.36
permit udp host 80.235.14.122 host 213.86.84.36 eq isakmp
permit udp host 217.108.54.201 host 213.86.84.36 eq isakmp
permit gre host 217.108.54.201 host 213.86.84.36
permit esp host 217.108.54.201 host 213.86.84.36
permit gre host 62.168.12.22 host 213.86.84.36
permit esp host 62.168.12.22 host 213.86.84.36
permit gre host 80.235.14.122 host 213.86.84.36
permit esp host 80.235.14.122 host 213.86.84.36
permit gre host 91.82.126.170 host 213.86.84.36
permit esp host 91.82.126.170 host 213.86.84.36
permit udp host 91.82.126.170 host 213.86.84.36 eq isakmp
permit esp host 193.92.136.189 host 213.86.84.36
permit udp host 193.92.136.189 host 213.86.84.36 eq isakmp
permit gre host 82.76.22.162 host 213.86.84.36
permit esp host 82.76.22.162 host 213.86.84.36
permit udp host 82.76.22.162 host 213.86.84.36 eq isakmp
permit esp host 82.141.232.167 host 213.86.84.36
permit udp host 82.141.232.167 host 213.86.84.36 eq isakmp
permit gre host 82.141.232.167 host 213.86.84.36
permit esp host 194.78.62.249 host 213.86.84.36
permit udp host 194.78.62.249 host 213.86.84.36 eq isakmp
permit gre host 194.78.62.249 host 213.86.84.36
permit esp host 80.160.18.254 host 213.86.84.36
permit gre host 80.160.18.254 host 213.86.84.36
permit esp host 81.43.111.79 host 213.86.84.36
permit gre host 81.43.111.79 host 213.86.84.36
permit udp host 81.43.111.79 host 213.86.84.36 eq isakmp
permit udp host 80.160.18.254 host 213.86.84.36 eq isakmp
permit esp host 80.121.255.154 host 213.86.84.36
permit udp host 80.121.255.154 host 213.86.84.36 eq isakmp
permit gre host 80.121.255.154 host 213.86.84.36
permit esp host 62.181.206.66 host 213.86.84.36
permit udp host 62.181.206.66 host 213.86.84.36 eq isakmp
permit gre host 62.181.206.66 host 213.86.84.36
permit esp host 81.214.137.132 host 213.86.84.36
permit udp host 81.214.137.132 host 213.86.84.36 eq isakmp
permit gre host 81.214.137.132 host 213.86.84.36
permit gre host 84.14.12.50 host 213.86.84.36
permit esp host 84.14.12.50 host 213.86.84.36
permit udp host 84.14.12.50 host 213.86.84.36 eq isakmp
permit gre host 212.18.46.98 host 213.86.84.36
permit esp host 212.18.46.98 host 213.86.84.36
permit udp host 212.18.46.98 host 213.86.84.36 eq isakmp
permit esp host 65.171.12.3 host 213.86.84.36
permit udp host 65.171.12.3 host 213.86.84.36 eq isakmp
permit gre host 65.171.12.3 host 213.86.84.36
permit esp host 217.37.142.21 host 213.86.84.36
permit udp host 217.37.142.21 host 213.86.84.36 eq isakmp
permit gre host 217.37.142.21 host 213.86.84.36
permit esp host 212.97.47.250 host 213.86.84.36
permit udp host 212.97.47.250 host 213.86.84.36 eq isakmp
permit gre host 212.97.47.250 host 213.86.84.36
permit esp host 62.23.116.210 host 213.86.84.36
permit udp host 62.23.116.210 host 213.86.84.36 eq isakmp
permit gre host 62.23.116.210 host 213.86.84.36
permit esp host 192.38.226.58 host 213.86.84.36
permit udp host 192.38.226.58 host 213.86.84.36 eq isakmp
permit gre host 192.38.226.58 host 213.86.84.36
permit esp host 194.20.6.58 host 213.86.84.36
permit udp host 194.20.6.58 host 213.86.84.36 eq isakmp
permit gre host 194.20.6.58 host 213.86.84.36
permit gre host 82.148.33.201 host 213.86.84.36
permit esp host 212.42.191.29 host 213.86.84.36
permit udp host 212.42.191.29 host 213.86.84.36 eq isakmp
permit gre host 212.42.191.29 host 213.86.84.36
permit gre host 195.47.106.203 host 213.86.84.36
permit esp host 84.14.90.26 host 213.86.84.36
permit udp host 84.14.90.26 host 213.86.84.36 eq isakmp
permit gre host 84.14.90.26 host 213.86.84.36
permit udp host 195.47.106.203 host 213.86.84.36 eq isakmp
permit esp host 216.110.25.3 host 213.86.84.36
permit esp host 85.88.145.34 host 213.86.84.36
permit udp host 85.88.145.34 host 213.86.84.36 eq isakmp
permit gre host 85.88.145.34 host 213.86.84.36
permit esp host 62.97.66.234 host 213.86.84.36
permit udp host 62.97.66.234 host 213.86.84.36 eq isakmp
permit gre host 62.97.66.234 host 213.86.84.36
permit esp host 195.47.106.203 host 213.86.84.36
permit esp host 87.139.90.51 host 213.86.84.36
permit udp host 87.139.90.51 host 213.86.84.36 eq isakmp
permit gre host 87.139.90.51 host 213.86.84.36
permit esp host 195.50.151.10 host 213.86.84.36
permit udp host 195.50.151.10 host 213.86.84.36 eq isakmp
permit gre host 195.50.151.10 host 213.86.84.36
permit esp host 80.188.106.153 host 213.86.84.36
permit esp host 81.243.250.57 host 213.86.84.36
permit gre host 195.29.84.134 host 213.86.84.36
permit udp host 195.29.84.134 host 213.86.84.36 eq isakmp
permit esp host 195.29.84.134 host 213.86.84.36
permit udp host 83.71.191.65 host 213.86.84.36 eq isakmp
permit gre host 83.71.191.65 host 213.86.84.36
permit esp host 83.71.191.65 host 213.86.84.36
permit udp host 195.168.42.234 host 213.86.84.36 eq isakmp
permit gre host 195.168.42.234 host 213.86.84.36
permit esp host 195.168.42.234 host 213.86.84.36
permit udp host 195.56.169.77 host 213.86.84.36 eq isakmp
permit gre host 195.56.169.77 host 213.86.84.36
permit esp host 195.56.169.77 host 213.86.84.36
permit esp host 212.4.70.218 host 213.86.84.36
permit udp host 212.4.70.218 host 213.86.84.36 eq isakmp
permit gre host 212.4.70.218 host 213.86.84.36
permit esp host 62.28.21.152 host 213.86.84.36
permit udp host 62.28.21.152 host 213.86.84.36 eq isakmp
permit gre host 62.28.21.152 host 213.86.84.36
permit esp host 193.69.147.194 host 213.86.84.36
permit udp host 193.69.147.194 host 213.86.84.36 eq isakmp
permit gre host 193.69.147.194 host 213.86.84.36
permit esp host 217.197.166.203 host 213.86.84.36
permit udp host 217.197.166.203 host 213.86.84.36 eq isakmp
permit gre host 217.197.166.203 host 213.86.84.36
permit esp host 62.173.177.18 host 213.86.84.36
permit udp host 62.173.177.18 host 213.86.84.36 eq isakmp
permit gre host 62.173.177.18 host 213.86.84.36
permit udp host 85.105.82.34 host 213.86.84.36 eq isakmp
permit gre host 85.105.82.34 host 213.86.84.36
permit udp host 82.148.33.201 host 213.86.84.36 eq isakmp
permit esp host 82.148.33.201 host 213.86.84.36
permit udp host 213.27.198.225 host 213.86.84.36 eq isakmp
permit gre host 213.27.198.225 host 213.86.84.36
permit esp host 213.27.198.225 host 213.86.84.36
permit esp host 85.105.82.34 host 213.86.84.36
permit udp host 62.97.68.18 host 213.86.84.36 eq isakmp
permit gre host 62.97.68.18 host 213.86.84.36
permit esp host 62.97.68.18 host 213.86.84.36
permit gre host 86.47.223.243 host 213.86.84.36
permit esp host 86.47.223.243 host 213.86.84.36
permit udp host 62.168.12.22 host 213.86.84.36 eq isakmp
permit udp host 86.47.223.243 host 213.86.84.36 eq isakmp
permit gre host 213.229.143.18 host 213.86.84.36
permit esp host 213.229.143.18 host 213.86.84.36
permit udp host 213.229.143.18 host 213.86.84.36 eq isakmp
permit udp host 125.255.97.170 host 213.86.84.36 eq isakmp
permit gre host 125.255.97.170 host 213.86.84.36
permit esp host 125.255.97.170 host 213.86.84.36
permit udp host 194.100.134.50 host 213.86.84.36 eq isakmp
permit gre host 194.100.134.50 host 213.86.84.36
permit esp host 194.100.134.50 host 213.86.84.36
permit udp host 216.110.25.3 host 213.86.84.36 eq isakmp
permit gre host 216.110.25.3 host 213.86.84.36
permit gre host 217.108.137.177 host 213.86.84.36
permit esp host 217.108.137.177 host 213.86.84.36
permit udp host 217.108.137.177 host 213.86.84.36 eq isakmp
permit udp host 85.105.172.137 host 213.86.84.36 eq isakmp
permit gre host 85.105.172.137 host 213.86.84.36
permit esp host 85.105.172.137 host 213.86.84.36
permit udp host 78.189.190.15 host 213.86.84.36 eq isakmp
permit gre host 78.189.190.15 host 213.86.84.36
permit esp host 78.189.190.15 host 213.86.84.36
permit udp host 78.189.180.15 host 213.86.84.36 eq isakmp
permit gre host 78.189.180.15 host 213.86.84.36
permit esp host 78.189.180.15 host 213.86.84.36
permit gre host 193.85.249.170 host 213.86.84.36
permit esp host 193.85.249.170 host 213.86.84.36
permit udp host 193.85.249.170 host 213.86.84.36 eq isakmp
permit gre host 212.145.144.166 host 213.86.84.36
permit esp host 212.145.144.166 host 213.86.84.36
permit udp host 212.145.144.166 host 213.86.84.36 eq isakmp
permit gre host 95.60.254.66 host 213.86.84.36
permit esp host 95.60.254.66 host 213.86.84.36
permit udp host 95.60.254.66 host 213.86.84.36 eq isakmp
permit udp host 188.111.86.138 host 213.86.84.36 eq isakmp
permit gre host 188.111.86.138 host 213.86.84.36
permit esp host 188.111.86.138 host 213.86.84.36
permit esp host 90.182.141.126 host 213.86.84.36
permit gre host 90.182.141.126 host 213.86.84.36
permit udp host 90.182.141.126 host 213.86.84.36 eq isakmp
permit udp host 78.189.29.41 host 213.86.84.36 eq isakmp
permit gre host 78.189.29.41 host 213.86.84.36
permit esp host 78.189.29.41 host 213.86.84.36
permit esp host 90.182.146.202 host 213.86.84.36
permit udp host 90.182.146.202 host 213.86.84.36 eq isakmp
permit gre host 90.182.146.202 host 213.86.84.36
permit udp host 212.145.145.138 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.138 host 213.86.84.36
permit esp host 212.145.145.138 host 213.86.84.36
permit udp host 212.145.145.142 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.142 host 213.86.84.36
permit esp host 212.145.145.142 host 213.86.84.36
permit udp host 212.145.145.150 host 213.86.84.36 eq isakmp
permit gre host 212.145.145.150 host 213.86.84.36
permit esp host 212.145.145.150 host 213.86.84.36
permit udp host 81.180.118.220 host 213.86.84.36 eq isakmp
permit gre host 81.180.118.220 host 213.86.84.36
permit esp host 81.180.118.220 host 213.86.84.36
permit udp host 78.189.227.75 host 213.86.84.36 eq isakmp
permit gre host 78.189.227.75 host 213.86.84.36
permit esp host 78.189.227.75 host 213.86.84.36
deny ip any any log
access-list 178 permit gre host 213.86.84.36 host 62.28.21.152
remote site...
ip access-list extended outside_access_in
permit tcp 212.58.55.192 0.0.0.63 host 62.28.21.152 eq 22
permit esp host 84.252.208.82 host 62.28.21.152
permit gre host 84.252.208.82 host 62.28.21.152
permit udp host 84.252.208.82 host 62.28.21.152 eq isakmp
permit icmp host 84.252.208.82 host 62.28.21.152
permit tcp host 84.252.208.82 host 62.28.21.152 eq 22
permit esp host 213.86.84.36 host 62.28.21.152
permit icmp 212.58.55.192 0.0.0.63 host 62.28.21.152
permit icmp 85.88.145.32 0.0.0.3 host 62.28.21.152
permit tcp 85.88.145.32 0.0.0.3 host 62.28.21.152 eq 22
permit gre host 213.86.84.36 host 62.28.21.152
permit esp host 213.86.84.196 host 62.28.21.152
permit gre host 213.86.84.196 host 62.28.21.152
permit udp host 213.86.84.196 host 62.28.21.152 eq isakmp
permit udp host 213.86.84.36 host 62.28.21.152 eq isakmp
permit esp host 216.110.25.3 host 62.28.21.152
permit gre host 216.110.25.3 host 62.28.21.152
permit udp host 216.110.25.3 host 62.28.21.152 eq isakmp
permit esp host 85.88.145.34 host 62.28.21.152
permit gre host 85.88.145.34 host 62.28.21.152
permit udp host 85.88.145.34 host 62.28.21.152 eq isakmp
permit icmp host 85.88.145.34 host 62.28.21.152
permit icmp host 62.48.177.146 host 62.28.21.152
deny ip 10.0.176.0 0.0.15.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 172.16.0.0 0.15.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip host 255.255.255.255 any log
permit tcp 213.86.84.32 0.0.0.31 host 62.28.21.152 eq 22
permit icmp 213.86.84.32 0.0.0.31 host 62.28.21.152
permit tcp 213.86.84.192 0.0.0.31 host 62.28.21.152 eq 22
permit icmp 213.86.84.192 0.0.0.31 host 62.28.21.152
deny ip any any log
!
access-list 179 permit gre host 62.28.21.152 host 213.86.84.36
I have quick query ..is this site new implementation ? or was it working previously & now is down .
I have seen scenarios of such if it was implemented and working properly and after few days it goes down.
1) pls ping remote end ipsec peer IP from HUB if it ping its OK not pinging then check if any ISP isssue.
2) pls past o/p of sh crypto isakmp sa | i 20.20.20.20 ...remote location of remote peer
3) try to remove crypto config from router and again reinsert it.
4) if dont want to 3rd step reboot remote router...
ipsec behaves in weird way..
I have seen scenarios of such if it was implemented and working properly and after few days it goes down.
1) pls ping remote end ipsec peer IP from HUB if it ping its OK not pinging then check if any ISP isssue.
2) pls past o/p of sh crypto isakmp sa | i 20.20.20.20 ...remote location of remote peer
3) try to remove crypto config from router and again reinsert it.
4) if dont want to 3rd step reboot remote router...
ipsec behaves in weird way..