Remote VPN connection Cannot be setup sometimes

richard268 · ‎03-25-2003

we got a client who has two sites connected through a VPN connection. (both sites have internet connection). One site is using Router 2621, and another one is using pix 506. The client keeps complaining that the remote site user (pix 506 site) sometimes cannot get connected to the server located in another site (router site) through VPN , but sometimes they can. Any clue about how to fix it?

Thanks

amritpatek · ‎03-31-2003

There are many reasons for this to happen. One such reason is if you have a dynamic IP address on your router, then this could result in a failed connection. Since the IP address keeps changing, the VPN Tunnel might have problems reconnecting next time. Sometimes it might connect, but next time you want to connect and the IP address on the router has changed, then the connection cannot be setup to the remote server.This is due to lifetime expiry.

1. One solution for this is to keep a fixed IP address.

2. The other is to use "isakmp" keepalives. Turn on the isakmp keepalives on both the router and the PIX.

On the router the command is "crypto isakmp keepalive 30 5".

And on the PIX it is "isakmp keepalive 30 5"

where 30 is the time interval in seconds. Hence these keepalives are sent every 30 seconds. It can be a value between 10 to 3600 seconds. 5 is the retry interval in seconds.

With this the problem should be solved.Hope this is useful.