Community discussions

 
jm1973
just joined
Topic Author
Posts: 8
Joined: Fri Jul 07, 2017 4:59 pm

MT - Cisco IPSec/Gre issue

Wed May 15, 2019 7:02 pm

Hi - thanks in advance for replies.

I have set up a gre/ipsec tunnel from MT to Cisco. It worked but the connection would drop every hours or so, and remain down for 10 minutes then come back up.
Flushing the SAs would bring it back up immediately. Looking in the 'Installed SAs' tab I could see two sets of SAs. One which had 'Current Bytes' incrementing, and the other with Current Bytes at 0.

After some research I tried setting the policy level to unique. I noticed immediately that the extra Installed SA (with 0 current bytes) disappeared and did not reappear.
The tunnel stayed up for several days. So this appeared to fix it.

However, I have since created a further two similar tunnels on the same MT to another cisco router. I set the policy level to 'unique' on the new tunnels. They all work, but they atre now dropping again occasionally. Including the original one which had seemed to be fixed. Looking at the 'Installed SA' tab i am again seeing additional SAs with current bytes 0, as well as the active one with incrementing bytes.

I am using RouterOS 6.37.5 and differing Cisco IOS images on the far end.

It seems like setting the policy level to unique works when there is only one tunnel, but not when there are more than one.

Does anyone have any insight on this please?

Who is online

Users browsing this forum: Bing [Bot] and 83 guests