851W - Novice

tjsapunarich
I inherited a situation I'm hoping anyone can shed light on. (I'm not Cisco savvy.) Every day I get a call from one of my remote offices that they lose network connectivity. The quickest way to resolve their issue is to recycle their Cisco box. Can anyone clarify whether or not the Cisco routers recycle themselves every 12 hrs as I've heard? Is there a parameter that can be set so that the VPN tunnel renegotiates at predetermined times? Thanks in advance. TJ

13 Replies

Jon Marshall
"Can anyone clarify whether or not the Cisco routers recycle themselves every 12 hrs as I've heard?"

Cisco routers don't recycle themselves every 12 hours. What exactly do you mean by recycle, though? Because I take that to mean reload.

As for VPNs, there are parameters you can set that affect how long the tunnel will stay up, but even if the tunnel goes down, once activity is detected it should come back up without having to reload.

Jon

Jon

Thanks for your insight.

By recycle, perhaps reload is the correct word. Just every day at the same time they have the same problem. Where would I look in the VPN settings to see the length of time it is supposed to stay up?

TJ

TJ

Apologies for the delay in getting back. Is there any chance of you posting the configuration of the router minus any sensitive information such as public IP addresses, passwords, VPN keys (especially VPN keys)?

I would emphasize though that to bring the tunnel back up should not require a reload of the router.

Jon

Yes - I'll post it soon

I thought of something else. 2 of 3 offices use Dynamic IP and 1 Static IP. The Static office doesn't have this issue. I haven't checked yet with the ISP on the IP lease duration.

I'll be changing one of the 2 dynamic offices to static on Friday. Maybe that is what the issue is?

Very interesting situation! Sounds like a statement is pointing to your public IP instead of the outside interface somewhere in the config.

~Roman

I'll be posting the config file later tonight. Feel free to advise on any settings.

Thanks

See config attached.

This line looks like it will disconnect the VPN every 24 hours.

crypto ipsec security-association lifetime seconds 86400

Ok - thanks. If omitted, will the VPN stay connected indefinitely?

Take a look at this document. http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsaidle.html

It looks like it will use the defaults if you delete that line.

Thanks - I'll check it out.

Yes, it may be the problem of the lifetime.

You can verify it on the Cisco router and then troubleshoot and make changes.

show crypto isakmp sa

show crypto ipsec sa peer x.x.x.x

To get the tunnel up without a reload:

clear crypto isakmp sa

clear crypto ipsec sa peer x.x.x.x

If this clear command works and you don't have to reload the router, do the following:

config t

crypto ipsec security-association lifetime seconds 120

You may also need to take a look at the remote side where the VPN tunnel is configured.
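
An added example, not part of the thread or any poster's code: one way to test the lifetime theory discussed above is to take the remaining SA lifetime from `show crypto ipsec sa` output and compare the computed expiry with the time of day the office loses connectivity. The sample output is constructed in the usual IOS layout, and the capture time, outage time and function names are hypothetical.

```python
import re
from datetime import datetime, time, timedelta

# Constructed sample in the usual layout of IOS `show crypto ipsec sa` output;
# the SPIs and counters are made up.
SAMPLE = """\
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
        transform: esp-3des esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4526903/3403)
        Status: ACTIVE
     outbound esp sas:
      spi: 0x5E6F7A8B(1584364171)
        transform: esp-3des esp-sha-hmac ,
        sa timing: remaining key lifetime (k/sec): (4526910/3403)
        Status: ACTIVE
"""

SECTION = re.compile(r"^\s*(inbound|outbound) esp sas:", re.I)
SPI = re.compile(r"spi:\s*(0x[0-9A-Fa-f]+)")
TIMING = re.compile(r"remaining key lifetime \(k/sec\):\s*\((\d+)/(\d+)\)")

def parse_sas(text):
    """Return one dict per ESP SA: direction, SPI, KB and seconds remaining."""
    sas, direction, spi = [], None, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            direction, spi = m.group(1).lower(), None
        elif m := SPI.search(line):
            spi = m.group(1)
        elif (m := TIMING.search(line)) and spi:
            sas.append({"direction": direction, "spi": spi,
                        "kb_left": int(m.group(1)), "sec_left": int(m.group(2))})
            spi = None
    return sas

def expiry_report(text, captured_at, outage, window=300):
    """Add each SA's expiry time and whether it falls within `window`
    seconds of the daily outage time (hypothetical, supplied by the caller)."""
    out_s = outage.hour * 3600 + outage.minute * 60 + outage.second
    for sa in (rows := parse_sas(text)):
        exp = captured_at + timedelta(seconds=sa["sec_left"])
        exp_s = exp.hour * 3600 + exp.minute * 60 + exp.second
        gap = abs(exp_s - out_s)
        sa["expires"] = exp
        sa["near_outage"] = min(gap, 86400 - gap) <= window  # wrap past midnight
    return rows

if __name__ == "__main__":
    for sa in expiry_report(SAMPLE, datetime(2024, 1, 1, 8, 0), time(9, 0)):
        print(sa["direction"], sa["spi"], sa["expires"], sa["near_outage"])
```

If the expiry lands on the outage time day after day, the lifetime on both peers is the place to look; if it does not, the dynamic-IP change raised earlier in the thread is the better lead.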