IPSEC_ACTIVE on VPN 871W but connection is down

Unanswered Question
Jan 13th, 2010
User Badges:

All,


I have an issue with our 871W set up.  When for one reason or another the connection is dropped (in this case I disconnected the uplink to the provider) for the state still says IPSEC_ACTIVE.  The ASA on the other side shows the session disconnected.  I either have to reboot the router or clear the crypto session to be able to intiate the connection again. Any one have any ideas on why this happens and what I can do to fix it?


crypto ipsec client ezvpn xxx
connect manual
group xxx key xxx
mode network-extension
peer xxx
nat allow
xauth userid mode http-intercept


xxx#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8


Tunnel name : xxx
Inside interface list: BVI1
Outside interface: FastEthernet4
Current State: IPSEC_ACTIVE
Last Event: CONNECT81
DNS Primary: xxx
Default Domain: xxx
Save Password: Disallowed
       XAuth credentials: HTTP intercepted
       HTTP return code : 200
       IP addr being prompted: 0.0.0.0
Current EzVPN Peer: xxx

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hdashnau Wed, 01/13/2010 - 17:55
User Badges:
  • Cisco Employee,

Try turning on dead peer detection (DPD):


crypto isakmp keepalive



It may take a few minutes, but it should sense the tunnel is down and tear it down on the router side so it can be renogiated.


Heres the CLI reference for it:

Easy VPN Remote with DPD Enabled: Example

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html#wp1052316

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html



-heather

Actions

This Discussion