Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1370
Views
0
Helpful
2
Replies

vpn - gre tunnel - continuous pings require to keep tcp connection alive

james.rohan
Level 1
Level 1

‎01-28-2003 04:54 AM - edited ‎02-20-2020 10:31 PM

Have a situation wherby a server and client exchange data on tcp ports 3299 (client) and > 1023 (server). They are hosted by different service providers with a gre tunnel serviced by static routing running between the two provider's border routers.

The tunnel is shared with other clients but only one complains of timeouts after approx 5 mins.To counteract this the application support people at the server end run continuous pings to the client which allows the traffic flow between server and client as normal.

The tunnel config is as follows

interface Tunnel99

bandwidth 64

ip address 193.95.x.x 255.255.255.252

no ip directed-broadcast

no ip route-cache cef

tunnel source Loopback0

tunnel destination 195.182.x.x

I wonder if anyone else has had experience of a similar fault on a gre tunnel or

if the fault is most likely elsewhere..

Many thanks..

0 Helpful
2 Replies 2

kylseverson
Level 1
Level 1

‎02-10-2003 10:17 AM

GRE tunnels are usually used in combination with a dynamic routing protocol that keeps the tunnel up and active. If you are using static routes there is no traffic to keep the tunnels up when the applications are not transmitting.

You have two options:

1. Increase the isakmp/ipsec lifetimes.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d981f.html#1001095

2. Setup keepalives (Best Option)

crypto isakmp keepalive (Number of seconds between keep alives) (Number of seconds between retries if keepalive fails)

0 Helpful

james.rohan
Level 1
Level 1
In response to kylseverson

‎02-11-2003 03:37 AM

Many thanks for the response.

We are using statics and this is a simple GRE tunnel (no ipsec).

We haven't explicitly configured timeouts but sh int tunnel indicates that

keepalives are set to 10 secs.

Since logging the call we have changed one of the tunnel end points and the

problem now seems to be resolved but we are none the wiser as to its original cause.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card