Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How can I keep a VPN connection alive in Cisco IOS

Posted on 2011-09-09
7
Medium Priority
?
749 Views
Last Modified: 2012-05-12
Hi Experts,

Here is the problem :
Router A with fixed IP, Router B with dynamic IP
So, according to what I read, only router B can initiate the VPN connection.
When I try to reach Router A from Router B, the VPN goes up instantly and everything works perfectly.
The problem is that I only need the VPN connection from A to B, and when A needs to communicate, the VPN is down for time out reason and the VPN can be initiated this way.
I though that entering "crypto isakmp keepalive 20 periodic" on Router B will solve the problem but no.

Can you help me please ?
0
Comment
Question by:Galadorn
  • 4
  • 3
7 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36509096
What you could try is  set up NTP and have the router synchronize its clock to the VPN peer. That should keep the tunnel up.
0
 

Author Comment

by:Galadorn
ID: 36509196
How strange it is really that VPN is so easy with a Linksys RV042 and so difficult with a Cisco. In RV042, when you check "Keepalive", the VPN never goes down. There's no equivalent in IOS ?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 36509276
You could try: crypto ipsec security-association idle-time 86400

That's the max number of seconds but perhaps that is enough.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:Galadorn
ID: 36527435
It's enough time and a good turn around solution. Thanks.
But I finally managed to initiate VPN from Router A.
Thanks for your help.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36531455
Thx for the points :)

So you got it working? Would you care to tell how you did that? I'm always curious ;)
0
 

Author Comment

by:Galadorn
ID: 36534987
Sure.
Instead of configuring a dynamic crypto map, configure a standard static crypto map as if you had a fixed IP.
When you configure the peer address, use the "set peer <my ddns name here> dynamic" command. I've never realised that you could specify "dynamic" at the end...
This way, the peer is resolved each time a new VPN connection has to be established.

I tried lots of time before but without the "dynamic" keyword I didn't even noticed and of course, it didn't worked this way because the IP address was resolved and directly hardcoded in the router. It was only working until the change of the IP's remote router.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36541342
Cool, haven't used that before (too much focused on static ip's :-~ ).
Thanks for the info!
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question