×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Remote VPN connection Cannot be setup sometimes

Unanswered Question
Mar 25th, 2003
User Badges:

we got a client who has two sites connected through a VPN connection. (both sites have internet connection). One site is using Router 2621, and another one is using pix 506. The client keeps complaining that the remote site user (pix 506 site) sometimes cannot get connected to the server located in another site (router site) through VPN , but sometimes they can. Any clue about how to fix it?


Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
amritpatek Mon, 03/31/2003 - 14:15
User Badges:
  • Silver, 250 points or more

There are many reasons for this to happen. One such reason is if you have a dynamic IP address on your router, then this could result in a failed connection. Since the IP address keeps changing, the VPN Tunnel might have problems reconnecting next time. Sometimes it might connect, but next time you want to connect and the IP address on the router has changed, then the connection cannot be setup to the remote server.This is due to lifetime expiry.

1. One solution for this is to keep a fixed IP address.

2. The other is to use "isakmp" keepalives. Turn on the isakmp keepalives on both the router and the PIX.

On the router the command is "crypto isakmp keepalive 30 5".

And on the PIX it is "isakmp keepalive 30 5"

where 30 is the time interval in seconds. Hence these keepalives are sent every 30 seconds. It can be a value between 10 to 3600 seconds. 5 is the retry interval in seconds.

With this the problem should be solved.Hope this is useful.


Actions

This Discussion