04-07-2012 10:04 PM
I have about 30 remote EZVPN 1811 routers that never come up after a firewall reload for about an hour. I have watched the EZVPN remotes and they believe they still have an IPSEC SA and they never attempt to reconnect until their IKE SA times out. Is there any way I can change this behavior so that the remotes will more rapidly recognize that their SA is invalid and negotiate a new one?
04-07-2012 10:06 PM
I should have said that EZVPN server is a 5520 ASA running 8.2
04-07-2012 11:49 PM
You can try "crypto isakmp keepalive 10 periodic" on router.
IOS code on 1811 Router?
RV
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide