As fantastic as Cisco's IOS is, it's not completely bug-free. Unfortunately, these bugs often occur in the most complicated configurations, such as IPSec implementations. One particularly annoying issue that plagues several versions happens when IOS attempts to set up an encrypted tunnel, but the tunnel fails. At some point, the information in the router's memory doesn't get cleared when it should, and this prevents future attempts from succeeding. This can drive technicians crazy, because the configuration worked in the past and suddenly seems to have stopped working.
If you ever experience such a scenario, you can often resolve the problem by clearing the information in the router's memory. Rebooting the routers in question should solve the problem, but there are several less-drastic measures you should pursue first.
Start by removing the crypto map statements from the interface configs. Of course, this isn't always an option, since you may have active tunnels on the same interface and removing the crypto maps would disrupt that service. In that case, you can instead try these commands:
clear crypto sa
clear crypto isa
no crypto ipsec sa
Once you have cleared the unwanted information from the router's memory, the tunnel should come up.
Thomas Alexander Lancaster IV is a consultant and author with over ten years' experience in the networking industry, focused on Internet infrastructure.