DMVPN isakmp sa not dropping

Unanswered Question
Nov 10th, 2008

Hey guys,

what is the configuration syntax so that after the router detects no traffic coming from the peer it kills the tunnel.

This is currently what I have, but it doesn't seem to be working.

crypto isakmp policy 5

encr 3des

authentication pre-share

group 2

crypto isakmp key abc123 address

crypto isakmp keepalive 20

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Mon, 11/10/2008 - 10:10

Try to change "crypto isakmp keepalive 20" to:

crypto isakmp keepalive 20 periodic



Brent Rockburn Mon, 11/10/2008 - 10:47

Still not killing the tunnel after the 20 seconds ... we're into a minute now.

Also tried "on-demand" with the same result.

Giuseppe Larosa Mon, 11/10/2008 - 10:11

Hello Brent,

you can influence the duration of dynamic spoke to spoke tunnels.

Spoke to Hub tunnels stay up because the routing protocol hellos are always running.

So you can see an effect only when you ping from lan to lan between two spokes.

This can trigger the dynamic tunnel

After the end of the ping this will be turned down.

Hope to help



This Discussion