09-29-2009 01:20 AM
Hi,
I have a cisco 2801 router, configured to support VPN clients, but sometimes the status of the connection goes to Up-Idle, and it needs long time to recover by itself.
so Is there a way where you can specify the time out for the UpIdle VPN connections ?
Regards
09-29-2009 03:19 AM
Hello Omar,
Where do you see the UP-IDLE status?
Does "sh cry session" status should that as the session status. If so, is there another session created for this client.
OR
Can you send me the output of where you are seeing this.
Does "sh cry isa sa" show the session to be in this status or QM_IDLE.
Thanks
Gilbert
09-29-2009 04:32 AM
C2801-INT# sh cry sess
Interface: Serial0/1/0
Username: user
Profile: profile
Group: profile
Assigned address: 172.16.1.109
Session status: UP-IDLE
Peer: x.x.x.x port 53217
IKE SA: local x.x.x.x/4500 remote x.x.x.x/53217 Active
sh cry isa sa
IPv4 Crypto ISAKMP SA
dst src state conn-id slot status
x.x.x.x x.x.x.x CONF_XAUTH 1186 0 ACTIVE
IPv6 Crypto ISAKMP SA
---------------------------
The connection goes to the idle state, and i have to clear it manually so it can be used again, since i'm using a profile with a pool of one ip address, but if it was reserved and having the idle state, there will be no traffic and you cant establish another vpn connection using the same profile since the pool will have no other IPs to assign.
hope my point was clear
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide