cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
0
Helpful
2
Replies

VPN connection problem

omar_maiah
Level 1
Level 1

Hi,

I have a cisco 2801 router, configured to support VPN clients, but sometimes the status of the connection goes to Up-Idle, and it needs long time to recover by itself.

so Is there a way where you can specify the time out for the UpIdle VPN connections ?

Regards

2 Replies 2

ggilbert
Cisco Employee
Cisco Employee

Hello Omar,

Where do you see the UP-IDLE status?

Does "sh cry session" status should that as the session status. If so, is there another session created for this client.

OR

Can you send me the output of where you are seeing this.

Does "sh cry isa sa" show the session to be in this status or QM_IDLE.

Thanks

Gilbert

C2801-INT# sh cry sess

Interface: Serial0/1/0

Username: user

Profile: profile

Group: profile

Assigned address: 172.16.1.109

Session status: UP-IDLE

Peer: x.x.x.x port 53217

IKE SA: local x.x.x.x/4500 remote x.x.x.x/53217 Active

sh cry isa sa

IPv4 Crypto ISAKMP SA

dst src state conn-id slot status

x.x.x.x x.x.x.x CONF_XAUTH 1186 0 ACTIVE

IPv6 Crypto ISAKMP SA

---------------------------

The connection goes to the idle state, and i have to clear it manually so it can be used again, since i'm using a profile with a pool of one ip address, but if it was reserved and having the idle state, there will be no traffic and you cant establish another vpn connection using the same profile since the pool will have no other IPs to assign.

hope my point was clear

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: