Enable Keep Alive on IPSec Tunnel (WRV200)?

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by compudata, Jul 3, 2007.

  1. compudata

    compudata LI Guru Member

    How do I enable KEEP ALIVE on an IPSEC tunnel on the WRV200? On the old Linksys VPN routers, there was an "Advanced" button that I could enter and select it.
  2. ifican

    ifican Network Guru Member

    Well dead peer detection is basically the same thing, though depending on how linksys implements it, it may not act exactly the same way as keep alives. Are you having an issue with a particular tunnel?
  3. compudata

    compudata LI Guru Member

    Yes, there is one problematic tunnel

    Yes, TunnelA (as it is called in the log) keeps going down and I have to keep restarting it. The strange thing I see in the log is that about every thirty seconds, it keeps establishing a new ISAKMP SA. For example, from the log:

    "043 [Tue 08:41:18] "TunnelA" #4736: [WRV200 Response:] ISAKMP SA established
    044 [Tue 08:41:48] "TunnelA" #4738: [WRV200 Response:] ISAKMP SA established
    045 [Tue 08:42:13] "TunnelA" #4740: [WRV200 Response:] ISAKMP SA established"

  4. DocLarge

    DocLarge Super Moderator Staff Member Member

    What router is on the opposite side of your WRV200?

    Additionally, ifican, is it me, or does it look Phase II is doing a stop/restart in rapid succession? This is just my first impression, but you'd think if the tunnel were actually down, the log would annotate that...

  5. ifican

    ifican Network Guru Member

    You make a very good point, also as Jay has mentioned look at the log on the other side. You can't always tell whats going on between the two unless you see both ends. And it appears at least from the limited log that its the other side initiating the action response we are seeing here. By chance did the key lifetime get set really low? Are you seeing these messages after you reinitiate the tunnel? And when you say it does down all the time, if you send traffic that way does it come right back up or does it stay down?
  6. compudata

    compudata LI Guru Member

    The router on the other side is a Linksys BEFVP41. (Originally this site had the same model, but due to storm damage, it had to be replaced.) Unfortunately, I don't have easy access to the equipment on the other site. The second site is 90 miles away and the IT guy they have for that company is one of these control freaks that won't divulge the password to anyone (moron!). We have to wait several days for him to show up do get anything done. (It's a remote area and there are very few companies that service the area. I've been suggesting they change for some time.)
    As to key life, the phase 1 (ISAKMP) key lifetime is 28800. Phase 2 (IPSEC) is 3600. When the tunnel is down, simply passing traffic (pinging or attempting an RDP connection over the tunnel) does not bring it back up. The only thing that restarts the tunnel is to click on the "Restart" button on the VPN SUMMARY page. Linksys tech support had me turn the dead peer detection delay time down to 5 and that didn't help. I've also tried turning dead peer detection OFF and there is no change.

    Thanks for your interest in this thread!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice