Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Crypto Map Dynamic IP Reconnection Issues

Hello,

We are connecting using at each remote site a Cisco 837 router with a ISDN modem as a passthrough to a PIX Firewall.

Each time the ISDN connection drops the Cisco box either requires a reboot or the crypto map to be restarted before anyone can connect through to the PIX. Has anyone got any ideas please?

Many Thanks

Mark

1 REPLY
Cisco Employee

Re: Crypto Map Dynamic IP Reconnection Issues

It'll be because the PIX doesn't recognise that the tunnel has gone down, and therefore still tries the old tunnel and nothing works, until you reboot the PIX or clear down the tunnels. All this does is make the PIX build new tunnels and everything works.

You need to enable ISAKMP keepalives on both ends so that they'll determine that the other end has gone down and reset their own tunnels, allowing new ones to be built.

Use:

crypto isakmp keepalive 30

on the router, and:

isakmp keepalive 30

on the PIX and they'll send keepalives every 30 seconds then and quickly know if the other end has died.

122
Views
0
Helpful
1
Replies
CreatePlease to create content