Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SR520 Auto Reconnect VPN Remote Connection


I am new to the SR520 router, and I have gotten the vpn server and remote to work. We have 3 of these routers, one at our corporate site, and one at each of our remote sites. The VPN's work good, but I would like them to auto-reconnect because we have some voice traffic that needs to pass over them, and the staff is not very capable of using the connection tool. Is this possible? Is there a time out on them that I can remove?

I have only used the Cisco Configuration Assistant to configure them, and when I used the command line, the vpn's wouldn't work.

Any help would be appreciated.

Everyone's tags (3)
New Member

Re: SR520 Auto Reconnect VPN Remote Connection

The tunnel to the Host will go down at the expiration of the lifetime which is 24 hours in seconds, and cannot be made larger.
Once the tunnel goes down, you need to use a PC to reconnect because of that HTTP Authentication statement in the IOS.

I have not found a way around this in the 8xx Series routers or the SR520.

Re: SR520 Auto Reconnect VPN Remote Connection

Addis and I connected with Andy Hickman who share the following that could work for this.

To keep the tunnel up you can use the auto connect feature of EZVPN.  This is pretty straight forward, just do the following:

Starting from a standard configuration built by CCA1.9 for remote access, use the following to allow the remote router to connect automatically to the UC500 VPN server.

On the UC500, add the following configuration via CLI:

crypto isakmp client configuration group EZVPN_GROUP_1

On the remote device (870 or SR520), add the following configuration via CLI:

crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
  username password

It is also strongly recommended that password encryption is configured on the remote device:

password encryption aes
key config-key password-encrypt