Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
798
Views
5
Helpful
2
Replies

IOS EZVPN client timeout

rnbutturini
Level 1
Level 1

‎07-11-2011 05:12 AM

I have a 3825 configured as an EZVPN server with 881 routers as clients. One issue I am seeing is that sessions don't seem to time out, such as when a peer's public IP changes. Show crypto ISAKMP peer shows the same host (using device certificates for authentication) with multiple public IPs establishing sessions. I have ISAKMP keepalives configured on the router. I'm sure it's just a simple configuration I am missing. Any suggestions?

Sent from Cisco Technical Support iPad App

Labels:
0 Helpful
2 Replies 2

denizkaya
Level 1
Level 1

‎07-13-2011 06:39 AM

Use VTI based ezvpn and the commands below...

crypto ipsec profile p1

set security-association idle-time 60

rnbutturini
Level 1
Level 1
In response to denizkaya

‎07-13-2011 06:41 AM

Thanks! I was already using VTI, but did not have this command.  Much appreciated. 

0 Helpful
Customers Also Viewed These Support Documents