1710 in EzVPN network Extension Mode Tunnel timeout
I have a few 1710's in EzVPN network Extension Mode and it seems as if the tunnels timeout. Can anyone tell me if this is in fact the case? These are all terminated at a 3030 concentrator. I have a custom system that pings the IP address that is assigned to the wan of the 1710. I ping it one time per minute for 10 minutes. If I do not get a response in 10 minutes - I open a troubleticket. I have this site that has been up for 2 days solid and my system never opened a ticket. I confirmed the IP is still the same and I can still ssh into them. Customer says site was down for 4 hours today and totally kicked my ass because he said why I didn't see it. I checked our logs since last reboot and out system didn't skip a beat. I have tried to set keepalives but they don't seem to work with EzVPN. Anyone can offer some input? How can I confirm if tunnels are going up and down or timing out?
Re: 1710 in EzVPN network Extension Mode Tunnel timeout
The tunnel does have a lifetime associated, and it will go down after that lifetime, regardless of how often packets are flowing across it. The tunnel should be automatically brought straight back up and no-one is the wiser.
There is a "connect manual" command in EzVPN Phase II that'll make the remote router wait for user interaction before bringing the tunnel back up when it expires, do you have this in your config?
Other than that, why don't you ping an internal host with your script, rather than the WAN interface? Pinging the WAN interface will tell you if the router or link has died, but won't tell you if the VPN is up or not.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :