VPN connection problem

Unanswered Question
Sep 29th, 2009

Hi,

I have a cisco 2801 router, configured to support VPN clients, but sometimes the status of the connection goes to Up-Idle, and it needs long time to recover by itself.

so Is there a way where you can specify the time out for the UpIdle VPN connections ?

Regards

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ggilbert Tue, 09/29/2009 - 03:19

Hello Omar,

Where do you see the UP-IDLE status?

Does "sh cry session" status should that as the session status. If so, is there another session created for this client.

OR

Can you send me the output of where you are seeing this.

Does "sh cry isa sa" show the session to be in this status or QM_IDLE.

Thanks

Gilbert

omar_maiah Tue, 09/29/2009 - 04:32

C2801-INT# sh cry sess

Interface: Serial0/1/0

Username: user

Profile: profile

Group: profile

Assigned address: 172.16.1.109

Session status: UP-IDLE

Peer: x.x.x.x port 53217

IKE SA: local x.x.x.x/4500 remote x.x.x.x/53217 Active

sh cry isa sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

x.x.x.x x.x.x.x CONF_XAUTH 1186 0 ACTIVE

IPv6 Crypto ISAKMP SA

---------------------------

The connection goes to the idle state, and i have to clear it manually so it can be used again, since i'm using a profile with a pool of one ip address, but if it was reserved and having the idle state, there will be no traffic and you cant establish another vpn connection using the same profile since the pool will have no other IPs to assign.

hope my point was clear

Actions

This Discussion