1811 IPsec VPNs

I have 6 IPsec VPN tunnels on my 1811 that go to other 1800 series routers and p500 series PIXes. They have been established for some time. Periodically, I'd say about twice a week, they will go down for about 1 hour at a time. The tunnel will stay up but traffic will not be passing through it. After about an hour, traffic will start passing through again. There is a monitoring server behind the 1811 that continually polls devices behind the other 1800s and PIXes, about every 2 minutes. When the tunnels stop passing traffic it will read those devices as down when they really aren't. What would be some recommended methods for keeping these tunnels really up? Thanks

Reply to
mmark751969

Tunnels only stay up when "interesting traffic" is forwarded on them. I would suggest you either look at your timeout values or, failing that, generate traffic to flow across them constantly to keep them alive.

The timeout value is something like this: crypto map blah set security-association idle-time 86400

Reply to
die.spam

Reply to
bod43

What were some of your ideas to generate traffic from the router to keep the SAs up? In one case, I have tried generating traffic from the remote end servers. I will try this again but I was wondering what you did at the router. Thanks

Reply to
mmark751969

The SLA will do that.

Reply to
alexd

What necessarily is considered to be 'interesting traffic'? I have set up an automated ping script on the remote servers to ping back to the monitor server every two minutes. This appeared to have helped for some of the tunnels but others continue to go down. This SLA config appears to be generating ICMP traffic from the router like I am doing from the servers.

Reply to
mmark751969
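
Added example, not part of any post in this thread: an IOS configuration sketch showing how "interesting traffic", the crypto-map idle timer and an IP SLA probe fit together for one tunnel. All addresses, the ACL number, the map and transform-set names and the interface names are constructed placeholders.

```cisco
! Constructed example for one tunnel; repeat the ACL, map entry and probe
! for each peer. Every name and address here is a placeholder.
!
! Crypto ACL: only packets matching a permit line are "interesting",
! meaning they are encrypted and can bring up or refresh the IPsec SAs.
access-list 110 permit ip 10.1.0.0 0.0.0.255 10.2.0.0 0.0.0.255
!
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TSET
 match address 110
 ! Idle timer quoted in the thread: SAs that carry no traffic for this
 ! many seconds are deleted.
 set security-association idle-time 86400
!
interface FastEthernet0
 description Outside (placeholder)
 crypto map VPNMAP
!
! Router-generated probe. Without source-interface the ping leaves with
! the outside address, does not match ACL 110 and never enters the tunnel.
! Sourcing it from the inside interface (10.1.0.1 assumed on Vlan1) makes
! it interesting traffic.
ip sla 10
 icmp-echo 10.2.0.10 source-interface Vlan1
 frequency 60
ip sla schedule 10 life forever start-time now
!
! Checks after applying:
!   show ip sla statistics 10     probe successes and failures
!   show crypto ipsec sa          encaps/decaps counters should both rise
```

Older 12.4 releases use the `ip sla monitor` form of these commands. If the encaps counter rises while decaps stays flat during an outage, the local side is sending into the tunnel and the problem is at the far end or with mismatched SAs, which a keepalive probe alone will not fix.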
