I would like to know if anyone has been able to get a site-to-site, IPsec-based VPN working without random periodic drops using AT&T/Bellsouth with a single static or dynamic WAN address? I can get a VPN connection to work, but after a period of time (15-60 minutes) the VPN connection drops, and even though the VPN light on the router remains lit, the VPN connection is dead. Power cycling the Cisco model 851 router will bring the VPN back to life… for another 15-60 minutes.
I run a similar router config file for Charter cable and Windstream DSL dynamic addressing and they work fine. I have tried this setup in multiple locations to eliminate the possibility of line issues… without success. I can't figure out what is different about AT&T, and their techs have no clue. It's almost as if AT&T is doing something to reset the connection every "x" number of minutes. VPN connections are perfect on AT&T if I use a "block" of static IPs. No drops or resets. Naturally, that requires using their more expensive business DSL service…
Here is the basic config…
Westell or Netopia DSL modem set to bridge mode. The DSL modem handles the PPPoE connection and authentication.
Cisco 851 router handles everything else… internal 192.168.x.x network, IPsec site-to-site VPN connection to Cisco ASA 5510.
If anyone has a similar config working on AT&T/Bellsouth, I'd love to hear about it. Any thoughts or suggestions appreciated…
With a dynamic IP address assigned by the ISP, you might want to double check if:
1) the PPP connection happens to reset every 15-60 minutes (coinciding with the time when the VPN tunnel is down).
2) the ISP is somehow assigning a new IP address every 15-60 minutes (coinciding with the time when the VPN tunnel is down).
If they are, then the VPN tunnel which was built with the old IP address is still in the SA table, and when a new IP address gets assigned to your dynamic site, the head end is not aware and still sends traffic towards the old address. Once you reload the router, it clears down the tunnel, and a new tunnel gets negotiated with the new IP address.
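One way to run the check suggested in the reply above, as an added example that is not part of the original thread: poll the remote site's WAN address and the tunnel state at a fixed interval, then see which tunnel drops fall close to an address change. The log format, the sample lines and the five-minute window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample observations (not from the thread): one line per poll,
# "timestamp wan_ip tunnel_state", as a periodic monitoring job might record.
SAMPLE_LOG = """\
2024-01-10T09:00:00 203.0.113.10 up
2024-01-10T09:05:00 203.0.113.10 up
2024-01-10T09:10:00 203.0.113.10 up
2024-01-10T09:15:00 203.0.113.57 down
2024-01-10T09:20:00 203.0.113.57 down
2024-01-10T09:25:00 203.0.113.57 up
2024-01-10T09:30:00 203.0.113.57 up
2024-01-10T09:35:00 203.0.113.57 down
2024-01-10T09:40:00 203.0.113.57 up
"""

def parse(log):
    """Return [(timestamp, wan_ip, tunnel_state)] in chronological order."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, ip, state = line.split()
        rows.append((datetime.fromisoformat(ts), ip, state))
    return sorted(rows)

def find_events(rows):
    """Return (ip_changes, drops): timestamps of address changes and up->down edges."""
    ip_changes, drops = [], []
    for (_, prev_ip, prev_state), (ts, ip, state) in zip(rows, rows[1:]):
        if ip != prev_ip:
            ip_changes.append(ts)
        if prev_state == "up" and state == "down":
            drops.append(ts)
    return ip_changes, drops

def correlate(rows, window=timedelta(minutes=5)):
    """Map each tunnel drop to the nearest address change within window, or None."""
    ip_changes, drops = find_events(rows)
    result = {}
    for drop in drops:
        near = [c for c in ip_changes if abs(drop - c) <= window]
        result[drop] = min(near, key=lambda c: abs(drop - c)) if near else None
    return result

if __name__ == "__main__":
    for drop, change in correlate(parse(SAMPLE_LOG)).items():
        cause = f"WAN address changed at {change}" if change else "no address change nearby"
        print(f"tunnel dropped at {drop}: {cause}")
```

Drops that map to an address change fit the stale-SA explanation; drops that map to `None` point to some other cause.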