Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN isakmp sa not dropping

Hey guys,

what is the configuration syntax so that after the router detects no traffic coming from the peer it kills the tunnel.

This is currently what I have, but it doesn't seem to be working.

crypto isakmp policy 5

encr 3des

authentication pre-share

group 2

crypto isakmp key abc123 address 0.0.0.0 0.0.0.0

crypto isakmp keepalive 20

3 REPLIES

Re: DMVPN isakmp sa not dropping

Try to change "crypto isakmp keepalive 20" to:

crypto isakmp keepalive 20 periodic

HTH

John

HTH, John *** Please rate all useful posts ***
New Member

Re: DMVPN isakmp sa not dropping

Still not killing the tunnel after the 20 seconds ... we're into a minute now.

Also tried "on-demand" with the same result.

Hall of Fame Super Silver

Re: DMVPN isakmp sa not dropping

Hello Brent,

you can influence the duration of dynamic spoke to spoke tunnels.

Spoke to Hub tunnels stay up because the routing protocol hellos are always running.

So you can see an effect only when you ping from lan to lan between two spokes.

This can trigger the dynamic tunnel

After the end of the ping this will be turned down.

Hope to help

Giuseppe

362
Views
0
Helpful
3
Replies