Solved

Enhanced Easy VPN tunnel establishes and then drops from DSL.

Posted on 2008-10-23
Last Modified: 2013-12-14
I have an Enhanced Easy VPN server running on a 2801 router at my corporate office. I am using 851W routers in the field to connect with Easy VPN remote. This is working great from three locations with cable modems, but when I place an 851W at any of my Bellsouth DSL sites the VPN tunnel establishes connection and stays up for 2-4 minutes and then I lose connectivity. The VPN light is on on the router at the branch office and it shows as up from the SDM. And then every hour on the hour for 1 minute the tunnel comes up. If I ping -t the IP of the remote router from the corporate office while it is up for that 1 minute, it will stay up as long as I keep pinging it. It was up for 12 hours last night and when I ended the ping it was down in just a few minutes. I am running 12.4 on the 851s. The funny thing is that I can take this same router with the same config and put it at a cable modem site and the tunnel never fails.
Question by:MBAMike
Accepted Solution

by:
MBAMike earned 0 total points
ID: 22787371
I think I may have found a solution to the problem. I added the lines below to both routers and reset the tunnel. (I did this initially with SDM, which uses dynamic and not periodic by default.)

crypto isakmp keepalive 10 periodic

I also found out why the connection would be active every hour.  The "crypto ipsec security-association lifetime" is defaulted to one hour.  I set mine to 2400 which is 20 minutes.  

crypto ipsec security-association lifetime seconds 2400

When I did this the tunnel would become active for a minute or two every 20 minutes.

I also found several posts that suggest this should be set to 24 hours.

crypto ipsec security-association lifetime seconds 86400

I configured the server and remote routers with SDM and not the command line, and I believe this is why the keepalive statements were missing.
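A way to check both tunnel ends for the lines discussed in the answer above, as an added example that is not part of the original post: the script reads two running-config dumps and reports a missing or non-periodic `crypto isakmp keepalive` line and differing IPsec SA lifetimes. The function names and the sample configs are constructed for illustration; it assumes a missing lifetime line means the one-hour default mentioned in the post, and that a keepalive line without a mode keyword is on-demand.

```python
import re

# Assumption: a missing lifetime line means the one-hour default the post mentions,
# and a keepalive line with no mode keyword means on-demand (the IOS default).
DEFAULT_SA_LIFETIME = 3600
KEEPALIVE_RE = re.compile(
    r"^crypto isakmp keepalive (\d+)(?: (\d+))?(?: (periodic|on-demand))?\s*$", re.M)
LIFETIME_RE = re.compile(
    r"^crypto ipsec security-association lifetime seconds (\d+)\s*$", re.M)

def audit_config(text):
    """Return (settings, findings) for one running-config dump."""
    settings = {"keepalive": None, "mode": None, "sa_lifetime": DEFAULT_SA_LIFETIME}
    findings = []
    m = KEEPALIVE_RE.search(text)
    if m is None:
        findings.append("no 'crypto isakmp keepalive' line")
    else:
        settings["keepalive"] = int(m.group(1))
        settings["mode"] = m.group(3) or "on-demand"
        if settings["mode"] != "periodic":
            findings.append("keepalive mode is on-demand, not periodic")
    m = LIFETIME_RE.search(text)
    if m:
        settings["sa_lifetime"] = int(m.group(1))
    return settings, findings

def audit_pair(server_text, remote_text):
    """Audit both tunnel ends, since the post applies the lines to both routers."""
    (s_set, s_find), (r_set, r_find) = audit_config(server_text), audit_config(remote_text)
    findings = [f"server: {f}" for f in s_find] + [f"remote: {f}" for f in r_find]
    if s_set["sa_lifetime"] != r_set["sa_lifetime"]:
        findings.append(f"SA lifetime differs: server {s_set['sa_lifetime']}s, "
                        f"remote {r_set['sa_lifetime']}s")
    return findings

# Constructed sample configs (not taken from the post's routers).
SERVER_FIXED = """\
crypto isakmp keepalive 10 periodic
crypto ipsec security-association lifetime seconds 86400
"""
REMOTE_GUI_BUILT = """\
hostname branch-851w
crypto isakmp keepalive 10
"""

if __name__ == "__main__":
    for line in audit_pair(SERVER_FIXED, REMOTE_GUI_BUILT):
        print(line)
```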

Expert Comment

by:Press2Esc
ID: 22807991
Interesting....  thanks for the heads up MBA...  P2E