topic Re: Crypto Map Dynamic IP Reconnection Issues in Network Security https://community.cisco.com/t5/network-security/crypto-map-dynamic-ip-reconnection-issues/m-p/275691#M1060098 <HTML><HEAD></HEAD><BODY><P>It'll be because the PIX doesn't recognise that the tunnel has gone down, and therefore still tries the old tunnel and nothing works, until you reboot the PIX or clear down the tunnels. All this does is make the PIX build new tunnels and everything works.</P><P></P><P>You need to enable ISAKMP keepalives on both ends so that they'll determine that the other end has gone down and reset their own tunnels, allowing new ones to be built.</P><P></P><P>Use:</P><P><B></B></P><P>crypto isakmp keepalive 30</P><P></P><P>on the router, and:</P><P><B></B></P><P>isakmp keepalive 30</P><P></P><P>on the PIX and they'll send keepalives every 30 seconds then and quickly know if the other end has died.</P></BODY></HTML> Wed, 21 Apr 2004 00:11:18 GMT gfullage 2004-04-21T00:11:18Z Crypto Map Dynamic IP Reconnection Issues https://community.cisco.com/t5/network-security/crypto-map-dynamic-ip-reconnection-issues/m-p/275690#M1060095 <P>Hello,</P><P></P><P>We are connecting using at each remote site a Cisco 837 router with a ISDN modem as a passthrough to a PIX Firewall.</P><P></P><P>Each time the ISDN connection drops the Cisco box either requires a reboot or the crypto map to be restarted before anyone can connect through to the PIX. Has anyone got any ideas please?</P><P></P><P>Many Thanks</P><P></P><P>Mark</P> Fri, 21 Feb 2020 07:21:09 GMT https://community.cisco.com/t5/network-security/crypto-map-dynamic-ip-reconnection-issues/m-p/275690#M1060095 mh144831 2020-02-21T07:21:09Z Re: Crypto Map Dynamic IP Reconnection Issues https://community.cisco.com/t5/network-security/crypto-map-dynamic-ip-reconnection-issues/m-p/275691#M1060098 <HTML><HEAD></HEAD><BODY><P>It'll be because the PIX doesn't recognise that the tunnel has gone down, and therefore still tries the old tunnel and nothing works, until you reboot the PIX or clear down the tunnels. All this does is make the PIX build new tunnels and everything works.</P><P></P><P>You need to enable ISAKMP keepalives on both ends so that they'll determine that the other end has gone down and reset their own tunnels, allowing new ones to be built.</P><P></P><P>Use:</P><P><B></B></P><P>crypto isakmp keepalive 30</P><P></P><P>on the router, and:</P><P><B></B></P><P>isakmp keepalive 30</P><P></P><P>on the PIX and they'll send keepalives every 30 seconds then and quickly know if the other end has died.</P></BODY></HTML> Wed, 21 Apr 2004 00:11:18 GMT https://community.cisco.com/t5/network-security/crypto-map-dynamic-ip-reconnection-issues/m-p/275691#M1060098 gfullage 2004-04-21T00:11:18Z