IPSecTunnel SAs

rockinb4u · December 8, 2009, 8:57am

Hello,

I configured a IPSec VPN Tunnel between Mikrotik and a Cisco router…there will be continuous traffic flow between the LAN segments but still the Tunnel goes down 3-4 times within a day for which we need to login to the cisco router and clear the SAs (security associations) which brings the Tunnel back UP.

Please suggest if there is a way where the SAs will not vanish automatically untill and unless there isn’t any traffic between the LAN segments.

Regards
Rakesh

sergejs · December 8, 2009, 1:38pm

Rakesh, could you check the logs, why tunnel is being disconnected?

rockinb4u · December 9, 2009, 5:43am

There aren’t any logs when its going down..

sergejs · December 9, 2009, 8:31am

On MikroTik you can enable ipsec,debug logs, in

/system logging add topics=ipsec,debug action=memory

you will get more detailed information about what is going on with your IPSec.