New Member

keepalives to reestablish a dynamic to static tunnel?

Hi All,

I have a dynamic to static pix 501 to pix 501 os 6.3 configuration. I would like to use keepalives to re-establish the tunnel in case the tunnel goes down. Can this be done?

1 ACCEPTED SOLUTION

Accepted Solutions
Green

Re: keepalives to reestablish a dynamic to static tunnel?

There's a workaround for everything. You could have the PIX at the far end use a local NTP or syslog server; this traffic would bring the tunnel up as long as it was defined as interesting.

14 REPLIES
Green

Re: keepalives to reestablish a dynamic to static tunnel?

You can use dead peer detection to ensure the tunnel doesn't go down...but I don't think that will bring it back up if it goes down.

isakmp keepalive 10

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

I've tried this (isakmp keepalive 10), to no avail. Thanks though.

Green

Re: keepalives to reestablish a dynamic to static tunnel?

That doesn't keep the tunnel from going down? Or are you just saying it doesn't bring it back up?

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

It doesn't bring it back up. I'm trying to prepare for the unavoidable power or internet outage that would bring the connection down. I would like the static location to reconnect without effort from the customer on that end. :)

Green

Re: keepalives to reestablish a dynamic to static tunnel?

There's a workaround for everything. You could have the PIX at the far end use a local NTP or syslog server; this traffic would bring the tunnel up as long as it was defined as interesting.

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

That's a good idea. A ping will bring it up. Some type of ping utility would also work. I was just looking for a solution on the firewall.

Unfortunately, the way this has worked out, the static PIX is at the remote site. That could be changed, but it would be easier to work around it.

Thanks.

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

Sorry, I'm kinda slow. A syslog service on the remote computer with the main office (dynamic PIX) logging to the remote syslog should work. Think?

Green

Re: keepalives to reestablish a dynamic to static tunnel?

Ya, same difference. As long as the computer has data to send. I was confused before which end was dynamic. What I should have said, since your main end is dynamic, is to have your PIX or a computer syslog or NTP to something at the remote site.

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

No reason you would have known, that would be the logical way. Thanks again :)

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

EasyVPN was built for this - dynamic IP remote VPN endpoints to static head end.

Why add more points of failure to the mix when you can have the firewalls take care of the tunnel?

Just my 2 cents.

Green

Re: keepalives to reestablish a dynamic to static tunnel?

palomoj,

Not sure if it matters but in his case the head end firewall was dynamic. Would that still work?

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

Whichever site has the static can be configured as the EasyVPN server and the dynamic as the EasyVPN client.

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

Hi,

Correct me if I'm wrong, but I thought the PIX 501 would not act as an Easy VPN server, only a client.

New Member

Re: keepalives to reestablish a dynamic to static tunnel?

You can configure the 501 for server or client.
