Re: SR520 Auto Reconnect VPN Remote Connection

morganharris · ‎04-26-2009

Hi,

I am new to the SR520 router, and I have gotten the vpn server and remote to work. We have 3 of these routers, one at our corporate site, and one at each of our remote sites. The VPN's work good, but I would like them to auto-reconnect because we have some voice traffic that needs to pass over them, and the staff is not very capable of using the connection tool. Is this possible? Is there a time out on them that I can remove?

I have only used the Cisco Configuration Assistant to configure them, and when I used the command line, the vpn's wouldn't work.

Any help would be appreciated.

addis · ‎04-28-2009

The tunnel to the Host will go down at the expiration of the lifetime which is 24 hours in seconds, and cannot be made larger.
Once the tunnel goes down, you need to use a PC to reconnect because of that HTTP Authentication statement in the IOS.

I have not found a way around this in the 8xx Series routers or the SR520.

Steven DiStefano · ‎05-22-2009

Addis and I connected with Andy Hickman who share the following that could work for this.

To keep the tunnel up you can use the auto connect feature of EZVPN. This is pretty straight forward, just do the following:

Starting from a standard configuration built by CCA1.9 for remote access, use the following to allow the remote router to connect automatically to the UC500 VPN server.

On the UC500, add the following configuration via CLI:

crypto isakmp client configuration group EZVPN_GROUP_1
save-password

On the remote device (870 or SR520), add the following configuration via CLI:

crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
username password

It is also strongly recommended that password encryption is configured on the remote device:

password encryption aes
key config-key password-encrypt