Solved

How can I keep a VPN connection alive in Cisco IOS

Posted on 2011-09-09
7
725 Views
Last Modified: 2012-05-12
Hi Experts,

Here is the problem :
Router A with fixed IP, Router B with dynamic IP
So, according to what I read, only router B can initiate the VPN connection.
When I try to reach Router A from Router B, the VPN goes up instantly and everything works perfectly.
The problem is that I only need the VPN connection from A to B, and when A needs to communicate, the VPN is down for time out reason and the VPN can be initiated this way.
I though that entering "crypto isakmp keepalive 20 periodic" on Router B will solve the problem but no.

Can you help me please ?
0
Comment
Question by:Galadorn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36509096
What you could try is  set up NTP and have the router synchronize its clock to the VPN peer. That should keep the tunnel up.
0
 

Author Comment

by:Galadorn
ID: 36509196
How strange it is really that VPN is so easy with a Linksys RV042 and so difficult with a Cisco. In RV042, when you check "Keepalive", the VPN never goes down. There's no equivalent in IOS ?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 36509276
You could try: crypto ipsec security-association idle-time 86400

That's the max number of seconds but perhaps that is enough.
0
Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

 

Author Comment

by:Galadorn
ID: 36527435
It's enough time and a good turn around solution. Thanks.
But I finally managed to initiate VPN from Router A.
Thanks for your help.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36531455
Thx for the points :)

So you got it working? Would you care to tell how you did that? I'm always curious ;)
0
 

Author Comment

by:Galadorn
ID: 36534987
Sure.
Instead of configuring a dynamic crypto map, configure a standard static crypto map as if you had a fixed IP.
When you configure the peer address, use the "set peer <my ddns name here> dynamic" command. I've never realised that you could specify "dynamic" at the end...
This way, the peer is resolved each time a new VPN connection has to be established.

I tried lots of time before but without the "dynamic" keyword I didn't even noticed and of course, it didn't worked this way because the IP address was resolved and directly hardcoded in the router. It was only working until the change of the IP's remote router.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36541342
Cool, haven't used that before (too much focused on static ip's :-~ ).
Thanks for the info!
0

Featured Post

Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month2 days, 19 hours left to enroll

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question