Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

how to keep EZvpn tunnel up on IOS router

We have remote offices using EZvpn on PIX 506e to connect to corporate.

To prevent tunnel to go down we had to use the command "vpnclient nem-st-autoconnect"

We are now trying to replace the 506e with an IOS router.

What is the command equivalent on IOS to keep tunnel up when there is no traffic

crypto isakmp keepalive X X doesn't work.

The only solution I can think off for the moment is to use object tracking to have the router ping every few minutes to keep the tunnel alive.

Is there a better solution?

Thanks

3 REPLIES
New Member

Re: how to keep EZvpn tunnel up on IOS router

You may try to use Lan-to-Lan VPN for long time tunnel up.

New Member

Re: how to keep EZvpn tunnel up on IOS router

or you can try modify idle timer:

Rack01R2(config)#crypto ipsec security-association idle-time ?

<60-86400> Idle time at which IPSec SAs are deleted

New Member

Re: how to keep EZvpn tunnel up on IOS router

Under the crypto configuration for the client on the IOS router (e.g. crypto ipsec client ezvpn xyz123), set "mode network-extension". Further, you can also configure "connect auto" under the same sub-level.

Those are the equivalent of the PIX command.

184
Views
0
Helpful
3
Replies