07-11-2011 05:12 AM
I have a 3825 configured as an EZVPN server with 881 routers as clients. One issue I am seeing is that sessions don't seem to time out, such as when a peer's public IP changes. Show crypto ISAKMP peer shows the same host (using device certificates for authentication) with multiple public IPs establishing sessions. I have ISAKMP keepalives configured on the router. I'm sure it's just a simple configuration I am missing. Any suggestions?
Sent from Cisco Technical Support iPad App
07-13-2011 06:39 AM
Use VTI based ezvpn and the commands below...
crypto ipsec profile p1
set security-association idle-time 60
07-13-2011 06:41 AM
Thanks! I was already using VTI, but did not have this command. Much appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide