851W - Novice

Unanswered Question
Jan 6th, 2009

I inherited a situation I'm hoping anyone can shed light on. (I'm not Cisco savvy.) Every day I get a call from one of my remote offices that they lose network connectivity. The quickest way to resolve their issue is to recycle their Cisco box. Can anyone clarify whether or not the Cisco routers recycle themselves every 12 hrs as I've heard? Is there a parameter that can be set so that the VPN tunnel renegotiates at predetermined times? Thanks in advance. TJ

Jon Marshall Tue, 01/06/2009 - 08:02

"Can anyone clarify whether or not the cisco routers recycle themselves every 12 hrs as I've heard?"

Cisco routers don't recycle themselves every 12 hours. What exactly do you mean by recycle though, because I take that to mean reload.

As for VPNs, there are parameters you can set that affect how long the tunnel will stay up, but even if the tunnel goes down, once activity is detected it should come back up without having to reload.

Jon

tjsapunarich Tue, 01/06/2009 - 08:48

Jon

Thanks for your insight.

By recycle, perhaps reload is the correct word. Just every day at the same time they have the same problem. Where would I look in the VPN settings to see the length of time it is supposed to stay up?

TJ

Jon Marshall Tue, 01/06/2009 - 13:43

TJ

Apologies for the delay in getting back. Is there any chance of you posting the configuration of the router minus any sensitive information such as public IP addresses, passwords, VPN keys (especially VPN keys)?

I would emphasize though that to bring the tunnel back up should not require a reload of the router.

Jon

tjsapunarich Wed, 01/07/2009 - 10:06

I thought of something else. 2 of 3 offices use Dynamic IP and 1 Static IP. The Static office doesn't have this issue. I haven't checked yet with the ISP on the IP lease duration.

I'll be changing one of the 2 dynamic offices to static on Friday. Maybe that is what the issue is?

khomitchr Wed, 01/07/2009 - 16:12

Very interesting situation! Sounds like a statement is pointing to your public IP instead of the outside interface somewhere in the config.

~Roman

tjsapunarich Thu, 01/08/2009 - 05:16

I'll be posting the config file later tonight. Feel free to advise on any settings.

Thanks

Brian Meade Mon, 01/12/2009 - 06:35

This line looks like it will disconnect the VPN every 24 hours.

crypto ipsec security-association lifetime seconds 86400

Pravin Phadte Mon, 01/12/2009 - 22:47

Yes, it may be the problem of the lifetime.

You can verify it on the Cisco router and then troubleshoot and make changes.

show crypto isakmp sa

show crypto ipsec sa peer x.x.x.x

To get the tunnel up without a reload:

clear crypto isakmp sa

clear crypto ipsec sa peer x.x.x.x

If this clear command works and you don't have to reload the router, do the following:

config t

crypto ipsec security-association lifetime seconds 120

You may also need to take a look at the remote side where the VPN tunnel is configured.
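
The lifetime check discussed in this thread, as an added example that is not part of any poster's reply: a Python sketch that reads the IPsec SA lifetime out of two saved configurations, including a per-crypto-map override, and shows the value both ends would end up using. The sample configs, map names and addresses are constructed; the script assumes the IOS default of 3600 seconds when no lifetime is configured and that the peers use the smaller of the two values.

```python
import re

IOS_DEFAULT = 3600  # assumption: IOS default IPsec SA lifetime (seconds) when none is set
GLOBAL_RE = re.compile(r"^crypto ipsec security-association lifetime seconds (\d+)\s*$")
MAP_RE = re.compile(r"^crypto map (\S+) (\d+) ipsec-isakmp")
OVERRIDE_RE = re.compile(r"^\s+set security-association lifetime seconds (\d+)\s*$")

# Constructed sample configs (documentation addresses, hypothetical names).
HUB = """\
crypto ipsec security-association lifetime seconds 86400
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.10
 match address 101
crypto map VPN 20 ipsec-isakmp
 set peer 192.0.2.20
 set security-association lifetime seconds 28800
"""
REMOTE = """\
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
"""

def ipsec_lifetimes(config_text):
    """Return (global_lifetime, {(map_name, seq): effective_lifetime})."""
    global_lifetime, per_map, current = IOS_DEFAULT, {}, None
    for line in config_text.splitlines():
        if not line.startswith(" "):
            current = None  # a non-indented line leaves the crypto map entry
        if m := GLOBAL_RE.match(line):
            global_lifetime = int(m.group(1))
        elif m := MAP_RE.match(line):
            current = (m.group(1), int(m.group(2)))
            per_map[current] = None
        elif current and (m := OVERRIDE_RE.match(line)):
            per_map[current] = int(m.group(1))
    # Entries without their own setting inherit the global value.
    return global_lifetime, {k: v or global_lifetime for k, v in per_map.items()}

def negotiated_lifetime(local, remote):
    """Assumption: the peers use the smaller of the two configured lifetimes."""
    return min(local, remote)

if __name__ == "__main__":
    _, hub = ipsec_lifetimes(HUB)
    _, remote = ipsec_lifetimes(REMOTE)
    agreed = negotiated_lifetime(hub[("VPN", 10)], remote[("VPN", 10)])
    print(f"hub={hub[('VPN', 10)]}s remote={remote[('VPN', 10)]}s agreed={agreed}s")
    print(f"about {86400 // agreed} rekeys per day")
```

Running it against both ends of a tunnel shows whether the two sides were configured with different lifetimes, which is the reason to look at the remote side as well.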
