Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IKE Keepalives Prolong RAS Calls?

I have been troubleshooting call durations in to our remote access environment.

The environment is as follows Client PC VPN Client SW with modem (analog or BR ISDN) dial in to AS5300 then establish encrypted session through VPN Concentrator 3030.

I have configured dialer idle-timeout to the point where the only traffic that is considered interesting is ESP traffic.

However I am still seeing intermittent traffic (encrypted) that is managing to keep the remote access session up. I have now noticed that VPN concentrator is configured to send IKE keepalives which seems to be the culprit for prolonging calls.

I'm not sure how relevant IKE Keepalives are to this type of usage and what impact disabling them will have on the environment.

Any suggestions/pointers greatly appreciated.

Thanks in advance.


Re: IKE Keepalives Prolong RAS Calls?

Hi Kevin,

IKE keepalives are useful in detecting a failed tunnel due to loss of Internet connectivity or loss of VPN peer.If you are on a dialup scenario and a tunnel is established between your VPN client and the concentrator, then if you lose your internet access on the client side, then concentrator will still keep the tunnel up until the keys need to be re-established

Hope that helps


CreatePlease to create content