Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
1
Replies

keepalive mismatch between 3k and Easy VPN clients

mnewnam06
Level 1
Level 1

‎03-02-2007 12:31 PM - edited ‎02-21-2020 02:54 PM

Hello,

Easy VPN client is running on C800s and tunnels to a 3K concentrator. We have approx 400 remotes up at once. Several times over the course of a week an IPSec tunnel is lost between the 3K and a client. Appears random. Don't know which device is causing the problem.

The keepalive setting on the remotes is 10 sec. I think on the 3k it is 2 sec. I looked at the text version of the 3K config file which showed: keepaliveinterval=2. I don't know how to find the keepalive value using WebVPN, I just know that the keepalive box is checked. Anyhow, what problems could be caused by this mismatch in keepalives if any? Any comments, explanations or references are appreciated. Thanks

Labels:
0 Helpful
1 Reply 1

kaachary
Cisco Employee
Cisco Employee

‎03-03-2007 04:56 AM

With EasyVPN config, mismatching keepalives would not cause much issue.

As the keepalive setting is meant solely for the device its configured on and could be different on both the end points.

For more information :

http://cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Here's a snippet :

"This feature lets the tunnel endpoint monitor the continued presence of a remote peer and report its own presence to that peer. If the peer becomes unresponsive, the endpoint removes the connection. In order for ISAKMP keepalives to work, both VPN endpoints must support them."

HTH,

-Kanishka

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents