Long-term VPN solution?

Jul 24th, 2008

Hello, all...

I'm a VPN beginner interested in setting up a permanent VPN connection between two facilities. I have a 1720 router on one side. Would it be best to assume that a second 1720 router at the other end would provide the best result?

Is it a bad idea to use long-term VPN links?

Also, are there any security pitfalls particular to the 1720 that I have to watch out for in doing this?

Many thanks!

Daniel Voicu Fri, 07/25/2008 - 04:20


You need to make sure the IOS you are using for the 1720 supports VPNs.

This can be checked using "sh ver": the name of the IOS file must include the K9 keyword.

The show ver will also show the type of encryption available: AES, 3DES.

On the other end you can have any device, from 800 series, 1700 series, 1800 series, 2800 series and so on. You can also have ASA firewalls.

VPN is fine for the long term, and the AES encryption is considered very secure.

For a build guide:


Please rate if this helped.



samiller Fri, 09/04/2009 - 08:47


I have a question about a long term VPN I'm running, linking two of my sites like this, with a PIX and ASA.

I want it to stay up forever. Do you know if the tunnel absolutely has to renegotiate after a certain number of hours in operation or something like that? We have a server process running across the link to some devices (like a simulated serial link). If the network resets, it kills the process.

Richard Burts Thu, 09/10/2009 - 09:24


It is my understanding that an essential part of the IPSec implementation is the concept of the lifetime of the Security Association and so yes it is essential for the tunnel to renegotiate. In my experience usually the negotiation of a new SA takes place before the existing SA expires and the transition should be transparent. Is that not the case for your VPN?



