cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

7315
Views
0
Helpful
5
Replies
sunandakrishna
Beginner

Ipsec VPN tunnel keeps dropping

I recently bought and setup a VPN tunnel for a client using a pair of WRVS4400N V2. The setup went well and the VPN tunnel worked.

But atleast once a day the tunnel disconnects (the status says Down). I can manually (remotely) reconnect but would prefer that the tunel

stay connected. Can someone advice if there is anything i can do.

thanks

Venkat Taramangalam

venkat.taramangalam@gmail.com

5 REPLIES 5
mihagan
Beginner

Go into the settings for the tunnel in each router and expand the Advanced options at the bottom of the screen. You will find an option to enable Keep Alive. Turn the Keep Alive option on for both routers and see if that makes any difference for you.

Also verify that you have the latest firmware on both routers which should be 2.0.0.8 for v2.

Thank you. The routers are running firmware version 2.0.0.7.

When i expand the "Advanced" option, i only see two choices:

  Aggressive Mode

  Netbios Broadcast

Both are off by default. I don't see the keepalive option.

thanks

venkat

WRVS4400N does not support Dead Peer Detection. It will reconnect the tunnel when it sees packets that need to get on the tunnel. If you need the tunnel to stay up all the time, you could have a PC making a continuous ping to another PC accross the tunnel. Other Small Business routers such as RV042 and RV082 support DPD and Keep Alive, which can keep the tunnel up.

juunda
Beginner

This could be irrelevant to your situation but I am just suggesting it, sometimes the tunnels go down because your WAN ip address lease changes or needs to be renewed. While this process happens with your ISP the tunnel will go down, and in certain cases your ip could possibly change until it re-associates usually requiring a manual reconnect from the routers interface.  If that is the case you could find out if you could get static wan IP addresses on both sides or consider registering with a DynDNS server to do the tunnels in that fashion instead.

Hi All,

In our network environment, we have setup IPSec tunnel from Mumbai to Hong Kong.

I was facing the same issue and came to know that there was major packet loss from our TELCO side and was unable to forward their traffic from one of them BGP..

increases of IPSec tunnel heart rate help us a bit..

Thank you,

Dp