
Always-up IOS-to-CVPN Client VPN tunnel -- Is this possible?

Hello experts.

I've been browsing the forum looking for an answer to this question. Most of the replies suggest either disabling keepalives or extending the time-period between them.

Based on our experience even when disabling keepalives, we've noticed the Cisco VPN Client connection goes down while passing traffic if the 86400 secs IKE phase I lifetime expires.

We know the VPN client profile config on the ASA does offer a couple of commands to enable an always-up tunnel. Can this be done with an IOS box?

Your help is greatly appreciated here!


duane.larson
Level 1

I am having the same issues. I have another post on here that talks about this, but no solution yet. If the remote end is an ASA then you won't have any issues. The only way I have solved this issue on the IOS routers is to set the ISAKMP and IPSEC lifetime to something below 40 minutes. The closer you get to 1 minute you will notice that the VPN tunnel will not drop. The only reason I don't really want to do this is because I am not sure how this will affect my 5520 here at the Data Center if I have a lot of remote 1841s out there.