put in vpn on up

csco11579831 · ‎09-16-2013

Hello,

can you tell me how can I return up the VPN tunnel,

FYI

I encounter this problem only after a period XX (probably ater 24 hours or at 9h20min) of inactivity ,

RTR-SDSL#sh crypto isakmp policy

Global IKE policy

Protection suite of priority 1

encryption algorithm: Three key triple DES

hash algorithm: Message Digest 5

authentication method: Pre-Shared Key

Diffie-Hellman group: #2 (1024 bit)

lifetime: 86400 seconds, no volume limit

Default protection suite

encryption algorithm: DES - Data Encryption Standard (56 bit keys).

hash algorithm: Secure Hash Standard

authentication method: Rivest-Shamir-Adleman Signature

Diffie-Hellman group: #1 (768 bit)

lifetime: 86400 seconds, no volume limit

RTR-SDSL#

RTR-SDSL#sh crypto session

Crypto session current status

Interface: FastEthernet0/0

Session status: DOWN

Peer: X.X.X.X port XXXX

IPSEC FLOW: permit ip 0.0.0.0/0.0.0.0 Z.Z.Z.Z/255.255.255.128

Active SAs: 0, origin: crypto map

IPSEC FLOW: permit ip Z.Z.Z.Z/255.255.255.128 0.0.0.0/0.0.0.0

Active SAs: 0, origin: crypto map

malshbou · ‎09-16-2013

Hi,

did you try to enable isakmp keepalives ?

Router(config)#crypto isakmp keepalive 60 10

60 and 10 are only examples here.

------------------
Mashal Shboul

------------------ Mashal Shboul

csco11579831 · ‎09-16-2013

Hi mashal,

could you plz tell me what does mean 60 and 10 value?

Best regards.

malshbou · ‎09-16-2013

Hi,

Router(config)#crypto isakmp keepalive X Y

X: <10-3600> Number of seconds between keep alives

Y : <2-60> Number of seconds between retries if keepalive fails

HTH

------------------
Mashal Shboul

------------------ Mashal Shboul

csco11579831 · ‎09-16-2013

Should I put it on both side or just one?

malshbou · ‎09-16-2013

One side keepalives should be enough here.

------------------
Mashal Shboul

------------------ Mashal Shboul

csco11579831 · ‎09-16-2013

I will test it and I will keep you informed ASAP!!

TNKS!