crypto ipsec client ezvpn - connect auto command Question
here are my configs
crypto ipsec client ezvpn ezvpn
group ezvpn key xxxxxxxx
username xxxxxxxxx password xxxxxxxxxxxxxx
xauth userid mode local
Now, I am a little confused about the "connect auto" command. We have a server built behind this router SiteA that our middleware server at Site B communicates with at night over the VPN tunnel. We have been having problems where at night when the Middleware server tries to communicate with the server it is unable too intiate the ezvpn tunnel on the router and build the vpn tunnel. What we find is in the morning we have to logon to the server and ping out from Site A to intiate the VPN tunnel. Does this seem right? My thought was the connect auto command specifies the VPN tunnel to automatically connect?
As a test we build a ping request on the Server at Site A towards Site B to create interesting traffic and let it run. We did not experience the VPN tunnel drops as before.
So my question is, isn't "connect auto" supposed to prevent this from happening by always keeping the VPN tunnel up?
Second queston is, "crypto isakmp keepalive 30 20 periodic" required to prevent this instead vs the connect auto?
I read the cisco documenation and it makes sense to me, but I wanted someone else's viewpoint or explanation to this.
Re: crypto ipsec client ezvpn - connect auto command Question
Thank you for responding but from reading cisco's documentation, if I remove this then I have to manually enter in a username password which I don't want. It should use the stored username password in the crypto ezvpn client configs
interactive <---this is the default
To authenticate, the user must use the command-line interface (CLI) prompts on the console. Interactive is the default behavior
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :