I have a Cisco 871 router configured as an EzVPN client connecting to a PIX. The router is running latest IOS (c870-advsecurityk9-mz.124-15.T1.bin) and the PIX is running 6.3(5) code.
Every so often, the remote 871 router will drop its VPN connection to the PIX and will not re-attempt to establish it.
I've configured "crypto isakmp keepalive 30 20 periodic" on the 871 and the ezvpn client is configured for "connect auto".
I can connect to the 871's global IP address, so it has Internet connectivity. When I display the crypto ipsec client ezvpn, it tells me that IPSEC is active, yet there are no crypto isakmp sa's or crypto ipsec sa's displayed.
I also have a "debug crypto ipsec client ezvpn" and "debug crypto isakmp" running on the 871, and I see no debugs.
I've tried forcing traffic by pinging from an internal host to the main site, but it doesn't attempt to re-establish the VPN.
I guess what bothers me the most is that the ezvpn client is displaying the "IPSEC_ACTIVE" state, when it really isn't.
Am I missing something here?
I've attached a text file with the 871's configuration. It also has a show version, and the sho crypto commands that I've mentioned.
Thanks in advance for any help.
(P.S. -- Also, if I reboot the router, it automatically re-connects, or I can force it by manually connecting. I just can't seem to have the router itself re-connect on its own.)