12-06-2011 01:47 PM
Hello
it seems when a client disconnects from easy vpn server the isakmp session won't terminate at all. As i wrote on a previous post i have problem when a clients disconnects aggressively from easy vpn server ios router: ip local pool won't refresh due to the fact that virtual-access x stays up. Is there any way to automate this?
thank you in advance
12-06-2011 02:33 PM
crypto isakmp keepalive
is the command we use to detect peers which no longer are alive (DPD - Dead Peer Detection).
Try it out.
M.
12-06-2011 07:45 PM
Hello Marcin
Thanx for your reply. It seems that " set security-association idle-time " was causinng trouble. I have already keepalive command applied on isakmp profile. Now session disconnect immediately as it should.
Hopefully removing this command won't get me into any more troubles.. we'll see :/
TX
Alex
12-06-2011 11:54 PM
Alex,
idle-time is not ideal for all scenarios :-)
While it might work OK for VPN client, we typically say to avoid it for static peers.
You might consider extending your VPN address pool, too? :-)
Marcin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide