Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
1
Replies

IPSEC_ACTIVE on VPN 871W but connection is down

vblaha
Level 1
Level 1

‎01-13-2010 01:29 PM

All,

I have an issue with our 871W set up.  When for one reason or another the connection is dropped (in this case I disconnected the uplink to the provider) for the state still says IPSEC_ACTIVE.  The ASA on the other side shows the session disconnected.  I either have to reboot the router or clear the crypto session to be able to intiate the connection again. Any one have any ideas on why this happens and what I can do to fix it?

crypto ipsec client ezvpn xxx
connect manual
group xxx key xxx
mode network-extension
peer xxx
nat allow
xauth userid mode http-intercept

xxx#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : xxx
Inside interface list: BVI1
Outside interface: FastEthernet4
Current State: IPSEC_ACTIVE
Last Event: CONNECT81
DNS Primary: xxx
Default Domain: xxx
Save Password: Disallowed
       XAuth credentials: HTTP intercepted
       HTTP return code : 200
       IP addr being prompted: 0.0.0.0
Current EzVPN Peer: xxx

Labels:
0 Helpful
1 Reply 1

hdashnau
Cisco Employee
Cisco Employee

‎01-13-2010 05:55 PM

Try turning on dead peer detection (DPD):

crypto isakmp keepalive

It may take a few minutes, but it should sense the tunnel is down and tear it down on the router side so it can be renogiated.

Heres the CLI reference for it:

Easy VPN Remote with DPD Enabled: Example

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html#wp1052316

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html

-heather

0 Helpful
Customers Also Viewed These Support Documents