Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

keepalive mismatch between 3k and Easy VPN clients

Hello,

Easy VPN client is running on C800s and tunnels to a 3K concentrator. We have approx 400 remotes up at once. Several times over the course of a week an IPSec tunnel is lost between the 3K and a client. Appears random. Don't know which device is causing the problem.

The keepalive setting on the remotes is 10 sec. I think on the 3k it is 2 sec. I looked at the text version of the 3K config file which showed: keepaliveinterval=2. I don't know how to find the keepalive value using WebVPN, I just know that the keepalive box is checked. Anyhow, what problems could be caused by this mismatch in keepalives if any? Any comments, explanations or references are appreciated. Thanks

1 REPLY
Cisco Employee

Re: keepalive mismatch between 3k and Easy VPN clients

With EasyVPN config, mismatching keepalives would not cause much issue.

As the keepalive setting is meant solely for the device its configured on and could be different on both the end points.

For more information :

http://cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Here's a snippet :

"This feature lets the tunnel endpoint monitor the continued presence of a remote peer and report its own presence to that peer. If the peer becomes unresponsive, the endpoint removes the connection. In order for ISAKMP keepalives to work, both VPN endpoints must support them."

HTH,

-Kanishka

152
Views
0
Helpful
1
Replies
CreatePlease login to create content