Always-up IOS-to-CVPN Client VPN tunnel --Is this possible?

Unanswered Question
Jan 2nd, 2008

Hello experts.

I've been browsing the forum looking for an answer to this question. Most of the replies suggest either disabling keepalives or extending the time-period between them.

Based on our experience even when disabling keepalives, we've noticed the Cisco VPN Client connection goes down while passing traffic if the 86400 secs IKE phase I lifetime expires.

We know the VPN client profile config on the ASA does offer a couple of commands to enable an always-up tunnel. Can this be done with an IOS box?

Your help is greatly appreciated here!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
duane.larson Mon, 04/21/2008 - 13:08

I am having the same issues. I have another post on here that talks about this, but on solution yet. If the remote end is an ASA then you won't have any issues. The only way I have solved this issue on the IOS routers is to set the ISAKMP and IPSEC lifetime to something below 40 minutes. The closer you get to 1 minutes you will notice that the VPN tunnel will not drop. The only reason I don't really want to do this is because I am not sure how this will affect my 5520 here at the Data Center if I have a lot of remote 1841's out there


This Discussion