Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
546
Views
0
Helpful
3
Replies

DMVPN isakmp sa not dropping

Brent Rockburn
Level 2
Level 2

‎11-10-2008 09:52 AM - edited ‎03-04-2019 12:16 AM

Hey guys,

what is the configuration syntax so that after the router detects no traffic coming from the peer it kills the tunnel.

This is currently what I have, but it doesn't seem to be working.

crypto isakmp policy 5

encr 3des

authentication pre-share

group 2

crypto isakmp key abc123 address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 20

Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎11-10-2008 10:10 AM

Try to change "crypto isakmp keepalive 20" to:

crypto isakmp keepalive 20 periodic

HTH

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Brent Rockburn
Level 2
Level 2
In response to John Blakley

‎11-10-2008 10:47 AM

Still not killing the tunnel after the 20 seconds ... we're into a minute now.

Also tried "on-demand" with the same result.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎11-10-2008 10:11 AM

Hello Brent,

you can influence the duration of dynamic spoke to spoke tunnels.

Spoke to Hub tunnels stay up because the routing protocol hellos are always running.

So you can see an effect only when you ping from lan to lan between two spokes.

This can trigger the dynamic tunnel

After the end of the ping this will be turned down.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card