I have configured VPN tunnel between branch office and central site (Cisco 876 and Cisco 2811 routers) and it's working fine.
Branch office has dynamic IP address from ADSL, and central office has static public IP address.
Question is: Is it possible to keep this VPN tunnel alive, even if there is no interesting traffic from branch office?
Sometimes, when there is no interesting traffic from remote site, the tunnel goes down, and in that case, if central site LAN user want to communicate with branch user, he cant't do that until branch user do ping or something else to establish a tunnel.
how did you specify the 800 router as peer in your crypto map ,since it has an ip address that is not garanted to be the same every time specificaly after a reboot or an expiration of the DHCP bail ???
So, with this configuration, any IP address with correct pre-share key will be accepted.
At Remote site, crypto map referencing to this static public IP address of central router.
And, becouse remote site has IP address which is periodically change, only that site can initiate VPN connection.
I just need some mechanism which will keep this VPN connection alive. (Simple, but irritating solution is to make batch file on one of the remote site host, which will periodically ping the other LAN's address)
Why not creating a standard site-to-site connection? You can do that if you your branches have static IP in the Internet.
If not, an elegant solution is to create GRE interfaces both on branch and hub and set the VPN between them. The "keepalive" option on the GRE interface will make sure the tunnel will never go down due to the lack of traffic.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :