> On ROS 6.1 all works fine.

I couldn't get a solution for this problem. I am changing routes with scripts when the VRRP interface changes its status.
> IPsec works through UDP 500, but IPsec NAT-T works through UDP 4500.

Can you please explain briefly why I need port 4500?
> Ping the remote subnet - this runs key generation and creates a tunnel.

And what does the netwatch command do?
> Still not working.

Does it work for you?
> In the first post I ping from the WAN interface (directly connected to the second router) and the ping is working.

You said it worked in the first post. What have you done since then?
> Yes, I did it.

Have you tried disabling the policy and peer on both routers and then enabling them again?
> I did it, but nothing.

Delete the SAs on both sides, see if it re-negotiates properly again and works after that.
Also, turning on DPD with reasonable values will help with this, like 5 sec and 2 failures.
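Added example, not posted by anyone in this thread, showing the RouterOS 6.x settings the replies refer to: accepting IKE on UDP 500 and NAT-T on UDP 4500, DPD at 5 seconds / 2 failures, a netwatch that pings a host in the remote subnet so policy-matching traffic triggers key negotiation, and the manual SA flush. The peer address, netwatch host and log message are placeholders I made up.

```routeros
# Constructed RouterOS 6.x example; all addresses are placeholders.

# 1) Let IKE (UDP 500), NAT-T (UDP 4500) and plain ESP reach the router.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 action=accept comment="IKE and NAT-T"
add chain=input protocol=ipsec-esp action=accept comment="ESP when no NAT is in the path"

# 2) DPD as suggested above: probe every 5 seconds, give up after 2 failures,
#    so a dead peer is detected and the SAs are torn down and re-negotiated.
/ip ipsec peer
set [ find address="198.51.100.1/32" ] dpd-interval=5s dpd-maximum-failures=2

# 3) Netwatch: ping a host inside the remote subnet every 10 s. The ping itself
#    matches the IPsec policy, which makes IKE generate keys and bring the tunnel up.
#    The down-script only logs; it is a placeholder for whatever action you want.
/tool netwatch
add host=192.0.2.10 interval=10s timeout=1s down-script=":log warning \"remote host 192.0.2.10 unreachable\""

# 4) Manual reset from the thread: drop all installed SAs on both sides so they re-negotiate.
/ip ipsec installed-sa flush sa-type=all
```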