04-26-2009 07:08 AM
Hi,
I am new to the SR520 router, and I have gotten the vpn server and remote to work. We have 3 of these routers, one at our corporate site, and one at each of our remote sites. The VPN's work good, but I would like them to auto-reconnect because we have some voice traffic that needs to pass over them, and the staff is not very capable of using the connection tool. Is this possible? Is there a time out on them that I can remove?
I have only used the Cisco Configuration Assistant to configure them, and when I used the command line, the vpn's wouldn't work.
Any help would be appreciated.
04-28-2009 09:15 AM
The tunnel to the Host will go down at the expiration of the lifetime which is 24 hours in seconds, and cannot be made larger.
Once the tunnel goes down, you need to use a PC to reconnect because of that HTTP Authentication statement in the IOS.
I have not found a way around this in the 8xx Series routers or the SR520.
05-22-2009 09:26 AM
Addis and I connected with Andy Hickman who share the following that could work for this.
To keep the tunnel up you can use the auto connect feature of EZVPN. This is pretty straight forward, just do the following:
Starting from a standard configuration built by CCA1.9 for remote access, use the following to allow the remote router to connect automatically to the UC500 VPN server.
On the UC500, add the following configuration via CLI:
crypto isakmp client configuration group EZVPN_GROUP_1
save-password
On the remote device (870 or SR520), add the following configuration via CLI:
crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
username
It is also strongly recommended that password encryption is configured on the remote device:
password encryption aes
key config-key password-encrypt
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide