keepalive mismatch between 3k and Easy VPN clients

Unanswered Question
Mar 2nd, 2007

Hello,

Easy VPN client is running on C800s and tunnels to a 3K concentrator. We have approx 400 remotes up at once. Several times over the course of a week an IPSec tunnel is lost between the 3K and a client. Appears random. Don't know which device is causing the problem.

The keepalive setting on the remotes is 10 sec. I think on the 3k it is 2 sec. I looked at the text version of the 3K config file which showed: keepaliveinterval=2. I don't know how to find the keepalive value using WebVPN, I just know that the keepalive box is checked. Anyhow, what problems could be caused by this mismatch in keepalives if any? Any comments, explanations or references are appreciated. Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kaachary Sat, 03/03/2007 - 04:56

With EasyVPN config, mismatching keepalives would not cause much issue.

As the keepalive setting is meant solely for the device its configured on and could be different on both the end points.

For more information :

http://cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Here's a snippet :

"This feature lets the tunnel endpoint monitor the continued presence of a remote peer and report its own presence to that peer. If the peer becomes unresponsive, the endpoint removes the connection. In order for ISAKMP keepalives to work, both VPN endpoints must support them."

HTH,

-Kanishka

Actions

This Discussion