Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSEC_ACTIVE on VPN 871W but connection is down

All,

I have an issue with our 871W set up.  When for one reason or another the connection is dropped (in this case I disconnected the uplink to the provider) for the state still says IPSEC_ACTIVE.  The ASA on the other side shows the session disconnected.  I either have to reboot the router or clear the crypto session to be able to intiate the connection again. Any one have any ideas on why this happens and what I can do to fix it?

crypto ipsec client ezvpn xxx
connect manual
group xxx key xxx
mode network-extension
peer xxx
nat allow
xauth userid mode http-intercept

xxx#sh crypto ipsec client ezvpn
Easy VPN Remote Phase: 8

Tunnel name : xxx
Inside interface list: BVI1
Outside interface: FastEthernet4
Current State: IPSEC_ACTIVE
Last Event: CONNECT81
DNS Primary: xxx
Default Domain: xxx
Save Password: Disallowed
       XAuth credentials: HTTP intercepted
       HTTP return code : 200
       IP addr being prompted: 0.0.0.0
Current EzVPN Peer: xxx

1 REPLY
Cisco Employee

Re: IPSEC_ACTIVE on VPN 871W but connection is down

Try turning on dead peer detection (DPD):

crypto isakmp keepalive

It may take a few minutes, but it should sense the tunnel is down and tear it down on the router side so it can be renogiated.

Heres the CLI reference for it:

Easy VPN Remote with DPD Enabled: Example

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html#wp1052316

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtdpmo.html

-heather

310
Views
0
Helpful
1
Replies
CreatePlease login to create content