computertech36
Site to Site VPN tunnel drops after business hours
Hi all. I have a branch router that has its VPN tunnel go down each night at 4:20pm after everyone goes home. I can remote into it via dialup and ping our HQ router from the hub, and the VPN tunnel comes back up.
How can I keep the tunnel up all the time? I have seen a suggestion of setting up an NTP server. Does anyone know how to do a continuous ping from a hub/switch?
My problem is that I use monitoring software that tells me when a VPN tunnel goes down... it's very annoying.
ASKER
I am using a Cisco PIX 515 at our HQ and a Cisco 1750 running 12.1.3(xt2) at the remote location.
I added the following line to our PIX: isakmp keepalive 20
On the remote router, I added the following: crypto isakmp keepalive 20
On the remote router, I have the following:
crypto isakmp policy 11
 hash md5
 authentication pre-share
crypto isakmp key test address x.x.x.x
crypto isakmp keepalive 20
On the PIX, I have:
crypto map mymap 8 ipsec-isakmp
crypto map mymap 8 match address chr01rt01ec
crypto map mymap 8 set peer (IP address of WAN interface of 1750 router)
crypto map mymap 8 set transform-set myset
isakmp key ******** address (IP address of WAN interface of 1750 router) netmask 255.255.255.248
ASKER
You're right, it does not impact functionality... but it does get annoying getting a page on my phone that the location is down after hours. Also, I have 40 other branch locations that use like equipment and do not have the issue.
It's not a show stopper, just very annoying.
FYI, I had a 2nd branch that started doing the same thing and the NTP config worked for that.
Thanks for the responses.
Which VPN endpoint routers are you using at the main site and the branch site(s)?