cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
411
Views
5
Helpful
2
Replies
Reyad Safi
Beginner

vpn problem

hi all

im facing a problem on vpn connection between 877 routers and the ASA.

my design depends on connecting the 877 router to ADSL/broad band modem , and configuring the router to establesh the vpn connection with the ASA through pre-shared key, some ISP's make a force renew to the public IP address on the ADSL modem which is already used by my 877 router for the vpn connection. so the 877 VPN light keeps light on ,while there's no traffic through the tunnel , and the vpn light keeps on untill rekeying , then the 877 router establish a new vpn connection with the new public ip address.

my question is there any way to avoid this interrubtion at the vpn tunnel

regards

Reyad

1 ACCEPTED SOLUTION

Accepted Solutions
Jennifer Halim
Cisco Employee

You can configure keepalive on the 877 router so it will check the VPN connection, and when the public ip address changes, and there is no reply to the keepalive, it will tear down the VPN. The VPN tunnel will get re-establish when interesting traffic is sent through between the 2 sites.

Command:

Router: crypto isakmp keepalive

http://www.cisco.com/en/US/partner/docs/ios/security/command/reference/sec_c4.html#wp1057298

Hope that helps.

View solution in original post

2 REPLIES 2
Jennifer Halim
Cisco Employee

You can configure keepalive on the 877 router so it will check the VPN connection, and when the public ip address changes, and there is no reply to the keepalive, it will tear down the VPN. The VPN tunnel will get re-establish when interesting traffic is sent through between the 2 sites.

Command:

Router: crypto isakmp keepalive

http://www.cisco.com/en/US/partner/docs/ios/security/command/reference/sec_c4.html#wp1057298

Hope that helps.

Dear Mr/Mrs. halim Yes I used it and its working , thank you for your cooperation. Reyad

Create
Recognize Your Peers
Content for Community-Ad