Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
1
Replies

Easy VPN goes down on the DHCP connection

zheka_pefti
Level 2
Level 2

‎11-18-2008 11:09 AM

Hi folks,

I am starting to pull out my hair in the attempt to understand why the router's interface goes administratively down when the easy VPN client drops the tunnel.

Here's the excerpt from the router log when it happens:

--------------------------------------

086251: Nov 18 01:04:08.705: %CRYPTO-6-EZVPN_CONNECTION_DOWN: (Client) User=Store1301 Group=Stores Server_public_addr=xxx.xxx.xxx.145

086252: Nov 18 01:04:10.689: %LINK-5-CHANGED: Interface FastEthernet4, changed state to administratively down

086253: Nov 18 01:04:11.689: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to down

086254: Nov 18 01:04:13.692: %LINK-3-UPDOWN: Interface FastEthernet4, changed state to up

086255: Nov 18 01:04:14.692: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet4, changed state to up

086256: Nov 18 01:04:18.811: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet4 assigned DHCP address xxx.xxx.xxx.87, mask 255.255.255.0, hostname 1301_Lascolinas

086257: Nov 18 01:04:19.582: %CRYPTO-4-IKMP_NO_SA: IKE message from xxx.xxx.xxx.145 has no SA and is not an initialization offer

086258: Nov 18 01:04:20.374: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) User=Store1301 Group=Stores Client_public_addr=xxx.xxx.xxx.87 Server_public_addr=xxx.xxx.xxx.145 NEM_Remote_Subnets=10.13.1.128/255.255.255.128 10.13.1.0/255.255.255.128

--------------------------------------

FastEthernet4 is configured to receive an IP via DHCP. I checked the lease time and it turned out to be pretty short:

1301_Lascolinas#show dhcp lease

Temp IP addr: xxx.xxx.xxx.87 for peer on Interface: FastEthernet4

Temp sub net mask: 255.255.255.0

DHCP Lease server: 192.168.0.1, state: 4 Rebinding

DHCP transaction id: 660

Lease: 600 secs, Renewal: 300 secs, Rebind: 525 secs

Even if it is short the router should renews its IP and it is not supposed to bring down the interface.

Is there any way to use a loopback interface for easy VPN client so that VPN always stays up?

Sincerely

Eugene

Labels:
0 Helpful
1 Reply 1

wong34539
Level 6
Level 6

‎11-26-2008 02:45 PM

The loopback interface can be set to use the easy vpn client.

The command used for assigning loopback interface is

Router(config)#interface loopback

The number can be between 0 and 2147483647

A loopback interface is automatically put in "no shutdown" state when created. However, you need to assign an ip address to use a loopback interface.

0 Helpful
Customers Also Viewed These Support Documents