Solved

How can I keep a VPN connection alive in Cisco IOS

Posted on 2011-09-09
Last Modified: 2012-05-12
Hi Experts,

Here is the problem:
Router A with fixed IP, Router B with dynamic IP.
So, according to what I read, only Router B can initiate the VPN connection.
When I try to reach Router A from Router B, the VPN goes up instantly and everything works perfectly.
The problem is that I only need the VPN connection from A to B, and when A needs to communicate, the VPN is down because of a timeout and the VPN can be initiated this way.
I thought that entering "crypto isakmp keepalive 20 periodic" on Router B would solve the problem, but no.

Can you help me please?
0
Comment
Question by:Galadorn
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36509096
What you could try is to set up NTP and have the router synchronize its clock to the VPN peer. That should keep the tunnel up.
0
 

Author Comment

by:Galadorn
ID: 36509196
How strange it is, really, that VPN is so easy with a Linksys RV042 and so difficult with a Cisco. On the RV042, when you check "Keepalive", the VPN never goes down. There's no equivalent in IOS?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 36509276
You could try: crypto ipsec security-association idle-time 86400

That's the max number of seconds but perhaps that is enough.
0
 

Author Comment

by:Galadorn
ID: 36527435
It's enough time and a good turn around solution. Thanks.
But I finally managed to initiate VPN from Router A.
Thanks for your help.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36531455
Thx for the points :)

So you got it working? Would you care to tell how you did that? I'm always curious ;)
0
 

Author Comment

by:Galadorn
ID: 36534987
Sure.
Instead of configuring a dynamic crypto map, configure a standard static crypto map as if you had a fixed IP.
When you configure the peer address, use the "set peer <my ddns name here> dynamic" command. I had never realised that you could specify "dynamic" at the end...
This way, the peer is resolved each time a new VPN connection has to be established.

I tried lots of times before, but without the "dynamic" keyword, which I didn't even notice, and of course it didn't work this way because the IP address was resolved and directly hardcoded in the router. It was only working until the remote router's IP changed.
0
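
The static crypto map described in the comment above, sketched for Router A as an added example (not the poster's actual configuration). The DDNS hostname, name server address, subnets, and the ACL, transform-set, map and interface names are assumptions; the ISAKMP policy and pre-shared key are taken to be already in place from the working B-initiated setup.

```cisco
! Router A (fixed IP). Constructed example, all names and addresses are placeholders.
!
! The router must be able to resolve the peer's DDNS name itself.
ip domain lookup
ip name-server 192.0.2.53
!
! Interesting traffic: Router A's LAN to Router B's LAN (assumed subnets).
ip access-list extended VPN-TO-B
 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! Static crypto map entry, written as if the peer had a fixed IP.
crypto map VPN 10 ipsec-isakmp
 ! Before: without the keyword, the name is resolved once when the command
 ! is entered and the resulting IP address is what ends up in the config.
 !   set peer routerb.example.net
 ! After: with "dynamic", the name is resolved each time a new VPN
 ! connection has to be established, so Router A can initiate toward
 ! Router B's current address.
 set peer routerb.example.net dynamic
 set transform-set TS-AES
 match address VPN-TO-B
!
interface GigabitEthernet0/0
 crypto map VPN
```

After applying it, `show running-config | section crypto map` should still list the hostname with `dynamic` rather than a literal IP address; if an address appears instead, the keyword was dropped.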
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 36541342
Cool, haven't used that before (too much focused on static IPs :-~ ).
Thanks for the info!
0
