We have a central site with a leased line to the Internet and 13 remote locations with ADSL connections (dynamic). All the remote locations connect via VPN to the central site.
The central site has a PIX 515 (ver 7.2(2)).
The remote locations have 506E (ver 6.3(5)).
We have a static-to-dynamic VPN.
Now, currently there are two sites (central site and remote site) which we are testing. The requirement is to have the VPN tunnel up always. To be on the safer side, we have created a batch file on all the remote locations which continuously sends an extended ping packet to the central site server.
All the remote locations have a server which communicates with the central site server placed in the DMZ.
When we initiate the connection from the remote site, the tunnel comes up and we are able to pass bidirectional traffic. Now, in the background the batch file is also running, which is always keeping the tunnel up.
Now, after some time, when we stop this batch file and again initiate the connection by pinging from the remote server or PCs, we get "request timed out".
Logically, when we initiate the connection from the remote side, the VPN tunnel should always come up, which is not happening in this case.
What we noticed was that when we are getting "request timed out", on the remote PIX we see QM_IDLE when we enter "sh crypto isakmp sa". But at the central site we see "no isakmp sas" when we enter "sh crypto isakmp sa".
I tried putting keepalives at the remote end, but what we found was that the tunnel goes down after approximately 30 minutes when there is no data traffic. In debug, we can see the "DPD R_THERE_ .." message from the remote end at every 10-second interval.
Is there any way that we can keep the tunnel up always, even when there is no data traffic?