11-14-2001 06:44 AM - edited 02-21-2020 11:29 AM
I have a customer who wants to have a router on one site, with ISDN Internet access, and use this to connect to a central site using IPSec/VPN. Are there any pointers to what I configure in the dialer-list to only dial when there is 'real' traffic, and not have it permanently connected due to the IPSec/IKE etc. maintaining a connection to the central site.
11-20-2001 01:58 PM
Cant you just configure your radius idle timer to whatever you need (use show caller timeout to verify). Define your interesting traffic to bring up the dialer and the tunnel will teardown when inactive based on the timer. Dont use keepalives on your VPN or the tunnel/dialer will stay up forever.
11-21-2001 07:49 AM
If you talk about the IKE keepalive, I may have a workaround for you.
I've not tried, but I heard it from a cisco guy.
You cannot disable the IKE keepalive but you can distinguish them from another IKE trafic because the source address is 0.0.0.0
So, if your dialer-list exclude this trafic, your line will not go up.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide