Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
305
Views
0
Helpful
1
Replies

Ipsec tunnel between 2 pixes, v7.0 and v6.3(4)

mrouch
Level 1
Level 1

‎11-11-2005 05:39 PM - edited ‎02-21-2020 02:06 PM

I have a functioning IPSec tunnel between two pixes. One is a 525 running 6.3(4) of the code, the other is a 515E running 7.0. The tunnel comes up OK, but if it drops because of a lack of interesting traffic, the tunnel will not come back up UNLESS new interesting traffic originates from the 515E (running 7.0). Interesting traffic from the 525 will NOT bring up the tunnel.

The config I used on both boxes is a standard script that I use all the time for setting up IPSec tunnels between pixes running v6.3(x). With those older IOS boxes the tunnel always works fine, and communication can be initiated from either side.

Is some default isakmp or ipsec setting in v7.0 different from v6.3? I notice that running "sh crypto isakmp sa" shows that the 515E's role is "initiator". Does that mean it MUST initiate the connection? Is there a way to make it both "initiator" and "responder"?

Labels:
0 Helpful
1 Reply 1

m.sir
Level 7
Level 7

‎11-12-2005 04:08 AM

Try on 525 command

isakmp keepalive 10 2

0 Helpful
Customers Also Viewed These Support Documents