Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
269
Views
0
Helpful
1
Replies

Two 3015 Concentrators behind CSS

msrohman
Level 1
Level 1

‎05-25-2006 01:52 PM

Hello all,

I have the following scenario currently in production:

VPNClient---Internet---CSS--2VPNConcentrators

The CSS is 11500 with ver 6.10 .

The Cisco VPN clients are connecting with NAT-T IPSec (UDP 4500). The VPN tunnels are built without a problem. However, the VPN tunnels do not stay built much longer then several hours. If I constantly send 'ping'/ICMP traffic over the tunnel, it will stay up for days.

I have DPD/IKE keepalives enabled. Even with IKE keepalives configured, the tunnels still drop. The VPN Concentrators indicate that they have 'Lose Contact' with the VPN client. The VPN Client will then rebuild the tunnel and stay built for approximately 3-4-5 hours. I attached the config file.

Should the flows always be active for this type of traffic to pass? Maybe I should set the flow for UDP/4500 to permanent?

I'm sort of new to CSS administration. Let me know if anyone has any ideas.

Thanks,

Mike

Labels:
Preview file
4 KB
0 Helpful
1 Reply 1

a-vazquez
Level 6
Level 6

‎05-31-2006 12:43 PM

Yes, the flow should always be active for the traffic to pass.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents