Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to hold VPN tunnel without remotesite pinging 515E

I have a 515e (static IP)at the home office and 501 (dynamic IP)devices at remote sites. Using the configuration below, I am able to communicate between the sites via VPN however, the VPN will only initiate and stay up if a PC at the remote sites are setup to constantly ping the home office 515e. How can I eliminate the proceedure? My configuration for both devices is listed below using the attachment feature:

New Member

Re: Unable to hold VPN tunnel without remotesite pinging 515E

You can't bring up the VPN from the home office as it doesn't know the peer address at the remote site since it has a dynamic IP. So it has to be brought up by traffic initiated at the remote office end.

Are you doing the constant ping to bring up the VPN, or to keep it up once it has been established? If it is dropping some time after being established (when not doing the ping), you can try using the ISAKMP KEEPALIVE option. The syntax is:

isakmp keepalive

where is the number of seconds between each keepalive, and is the number of seconds before retrying after a keepalive response has not been received.

If that does not fix it, you could enable buffer logging and do a debug crypto isakmp to see if it gives you any indication as to why the tunnel is dropped.


Re: Unable to hold VPN tunnel without remotesite pinging 515E

vpn is a secure connection between the networks, and it's not supposed to be "always on". nonetheless, as soon as there is interesting traffic, the vpn should be up again.

CreatePlease login to create content