Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How can I keep a VPN connection alive in Cisco IOS

Posted on 2011-09-09
7
Medium Priority
?
733 Views
Last Modified: 2012-05-12
Hi Experts,

Here is the problem :
Router A with fixed IP, Router B with dynamic IP
So, according to what I read, only router B can initiate the VPN connection.
When I try to reach Router A from Router B, the VPN goes up instantly and everything works perfectly.
The problem is that I only need the VPN connection from A to B, and when A needs to communicate, the VPN is down for time out reason and the VPN can be initiated this way.
I though that entering "crypto isakmp keepalive 20 periodic" on Router B will solve the problem but no.

Can you help me please ?
0
Comment
Question by:Galadorn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36509096
What you could try is  set up NTP and have the router synchronize its clock to the VPN peer. That should keep the tunnel up.
0
 

Author Comment

by:Galadorn
ID: 36509196
How strange it is really that VPN is so easy with a Linksys RV042 and so difficult with a Cisco. In RV042, when you check "Keepalive", the VPN never goes down. There's no equivalent in IOS ?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 36509276
You could try: crypto ipsec security-association idle-time 86400

That's the max number of seconds but perhaps that is enough.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 

Author Comment

by:Galadorn
ID: 36527435
It's enough time and a good turn around solution. Thanks.
But I finally managed to initiate VPN from Router A.
Thanks for your help.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36531455
Thx for the points :)

So you got it working? Would you care to tell how you did that? I'm always curious ;)
0
 

Author Comment

by:Galadorn
ID: 36534987
Sure.
Instead of configuring a dynamic crypto map, configure a standard static crypto map as if you had a fixed IP.
When you configure the peer address, use the "set peer <my ddns name here> dynamic" command. I've never realised that you could specify "dynamic" at the end...
This way, the peer is resolved each time a new VPN connection has to be established.

I tried lots of time before but without the "dynamic" keyword I didn't even noticed and of course, it didn't worked this way because the IP address was resolved and directly hardcoded in the router. It was only working until the change of the IP's remote router.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36541342
Cool, haven't used that before (too much focused on static ip's :-~ ).
Thanks for the info!
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question