We have a 2930 at HQ (latest firmware) making IPSEC VPN connections to a bunch of 2820s, 2800s and 2600s (all latest firmware).

We have tried various permutations of dial-in, dial-out and both, and are currently making the 2930 dial out with 'always on'.

Generally, things are very stable, but at times when the VPNs drop, the 2930 doesn't seem to be able to reconnect to the 2600s until we reboot them. When we lose the connections, both the 2930 and the 2600s agree and the links are not listed, but they just don't get re-made.

Before I rush headlong into logs and telnet interfaces etc., any specific things to check out and/or change?

I appreciate the 2600s are getting a bit 'mature', and in an ideal world, I'd replace them, but we have a major overhaul of our WAN structure due in about 3 months (when we may have to change to completely different kit) and so I need to keep things running until at least then, but at the moment a major VPN drop has us doing the rounds (remotely) to reboot the routers.

Any thoughts appreciated

Thanks