I have been troubleshooting call durations in to our remote access environment.
The environment is as follows Client PC VPN Client SW with modem (analog or BR ISDN) dial in to AS5300 then establish encrypted session through VPN Concentrator 3030.
I have configured dialer idle-timeout to the point where the only traffic that is considered interesting is ESP traffic.
However I am still seeing intermittent traffic (encrypted) that is managing to keep the remote access session up. I have now noticed that VPN concentrator is configured to send IKE keepalives which seems to be the culprit for prolonging calls.
I'm not sure how relevant IKE Keepalives are to this type of usage and what impact disabling them will have on the environment.
IKE keepalives are useful in detecting a failed tunnel due to loss of Internet connectivity or loss of VPN peer.If you are on a dialup scenario and a tunnel is established between your VPN client and the concentrator, then if you lose your internet access on the client side, then concentrator will still keep the tunnel up until the keys need to be re-established
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :