Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

Why is my Easy VPN tunnel flapping?

Core issue

An Easy VPN tunnel might flap due to many reasons. These reasons include a line  condition  or a hardware issue. A tunnel can even go down if it sits idle for  more than the specified time or because of stale security associations (SAs) and so forth.

Resolution

Use the crypto isakmp keepalive command to isolate this issue if a tunnel flaps because of the SAs lifetime or if it is sitting idle.

Info regarding "crypto isakmp keepalive":

This command allow the gateway to send dead peer detection (DPD) messages to the peer, use the crypto isakmp keepalive command in global configuration mode. To disable keepalives, use the no form of this command.

crypto isakmp keepalive seconds [retries] [periodic | on-demand]

no crypto isakmp keepalive seconds [retries] [periodic | on-demand]

description.png

3485
Views
0
Helpful
0
Comments