• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 135
  • Last Modified:

Cisco Router

I have 3 Cisco 520W small business router in our network.  One of our VPN connections is dropping its connection approximately every hour or so today.

There are some common errors that I am seeing  below:

Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] ERROR:  encryption 5 failed.
Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] ERROR:  failed to start post getspi.
Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] INFO:  an undead schedule has been deleted: 'quick_i1prep'.
0
beckredder
Asked:
beckredder
  • 4
  • 3
1 Solution
 
giltjrCommented:
Are there any other errors right before that that may say something about phase 2 renegotiation?
0
 
beckredderAuthor Commented:
These are the only errors logged.

Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] INFO:  Configuration found for xxx.xxx.xxx.xxx
Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] INFO:  Configuration found for xxx.xxx.xxx.xxx
Wed Aug 06 13:21:26 2014 (GMT -0300): [Cisco] [IKE] INFO:  Initiating new phase 2 negotiation: xxx.xxx.xxx.xxx[0]<=>xxx.xxx.xxx.xxx[0]
0
 
giltjrCommented:
Does the other side get any errors?  What is on the other side?
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
beckredderAuthor Commented:
On the other side is the exact same model router and its not getting the same errors.  There are three locations.

"A" has the errors

"A" loses connection with "B"

"A" keeps connection always with "C"

"B" keeps connection always with "C"
0
 
giltjrCommented:
Sorry about asking so many questions.

Are the VPN connections new, or have they been running without problems for awhile?

I would verify that the config between A and B are the same.  Obliviously something is failing during the phase 2 renegotiation which I am assuming you have setup to do every 3600 seconds.

You may have to restart "router A."
0
 
beckredderAuthor Commented:
The VPN connections are not new; I believe they have been in place since may of 2011.

I can verify that the configurations on all 3 routers are all the same and they are all setup to renegotiate every 3600 seconds.

We were rebooting B when connection was lost and the VPN connection came back up.

Funny thing is that at 2:55 EST, the connection between A and B was expiring however this time it connected and the VPN stayed stable.  (10 minutes ago approximately)
0
 
beckredderAuthor Commented:
Thanks!
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now