IPSEC_ACTIVE on VPN 871W but connection is down

Unanswered Question
Jan 13th, 2010
User Badges:


I have an issue with our 871W set up.  When for one reason or another the connection is dropped (in this case I disconnected the uplink to the provider) for the state still says IPSEC_ACTIVE.  The ASA on the other side shows the session disconnected.  I either have to reboot the router or clear the crypto session to be able to intiate the connection again. Any one have any ideas on why this happens and what I can do to fix it?

crypto ipsec client ezvpn xxx
connect manual
group xxx key xxx
mode network-extension
peer xxx
nat allow
xauth userid mode http-intercept

xxx#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : xxx
Inside interface list: BVI1
Outside interface: FastEthernet4
Current State: IPSEC_ACTIVE
Last Event: CONNECT81
DNS Primary: xxx
Default Domain: xxx
Save Password: Disallowed
       XAuth credentials: HTTP intercepted
       HTTP return code : 200
       IP addr being prompted:
Current EzVPN Peer: xxx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hdashnau Wed, 01/13/2010 - 17:55
User Badges:
  • Cisco Employee,

Try turning on dead peer detection (DPD):

crypto isakmp keepalive

It may take a few minutes, but it should sense the tunnel is down and tear it down on the router side so it can be renogiated.

Heres the CLI reference for it:

Easy VPN Remote with DPD Enabled: Example





This Discussion