RE: EzVPN termination after a while

Yes, but I have not seen many people running NEM use XAUTH... it's kind of what he seems to be using it for-
ASA ala "DMVPN-esque" technology.

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Tony Varriale
Sent: Thursday, August 13, 2009 12:42 PM
To: ccielab_at_groupstudy.com
Subject: RE: EzVPN termination after a while

Both modes can have xauth. They aren't mutually exclusive.

tv

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Joseph L. Brunner
Sent: Thursday, August 13, 2009 9:18 AM
To: Rob Phillips; CCIE; ccielab_at_groupstudy.com
Subject: RE: EzVPN termination after a while

Are your EZVpn Clients running any per host authentication xauth, or are
they all in network extension mode?

Have you tried removing HMAC from the Phase 2 transform set?

-Joe

-----Original Message-----
From: Rob Phillips [mailto:rrphillips_at_swankav.com]
Sent: Thursday, August 13, 2009 10:04 AM
To: Joseph L. Brunner; CCIE; ccielab_at_groupstudy.com
Subject: RE: EzVPN termination after a while

As far as I know yes. Most of my offices are within other companies
buildings and they provide access to the internet. Our office operated
behind the EZVPN device. We checked with the different companies IT
staffs and everything seems to be ok on their end, but then again it is
someone else's network so who knows. I just know once I used the
command below the issue disappears. Our guys may notice a short delay
when it happens if they happen to try and send something within a few
seconds of it happening, but that is rare that they just happen to hit
one of these outages.

The way I look at it is if the EZVPN client would notice that the server
is gone it would reconnect. The server (ASA 5520) does not show
anything in the logs other then the connection dropped. The clients
871's and 881's both just sit there if there is no keepalive set.

Rob

-----Original Message-----
From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Thursday, August 13, 2009 8:37 AM
To: Rob Phillips; CCIE; ccielab_at_groupstudy.com
Subject: RE: EzVPN termination after a while

Good connectivity?

Www.att.com

www.qwest.com

www.verizon.com/business

-Joe
#19366

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Rob Phillips
Sent: Thursday, August 13, 2009 9:30 AM
To: CCIE; ccielab_at_groupstudy.com
Subject: RE: EzVPN termination after a while

I would love to know the answer to this issue as well. From my
experience the server side of the ezvpn drops, however the client
remains up so it never rebuilds the connection. To resolve the issue my
users have had I had started to use the

Crypto isakmp keepalive 10 period

At least that has forced the client to notice the drop and it rebuilds.
The users affect only use email and web traffic so many time they never
notice this happening.

If there is something that prevents these drops all together then that
would even be better

Rob

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
CCIE
Sent: Thursday, August 13, 2009 12:11 AM
To: ccielab_at_groupstudy.com
Subject: EzVPN termination after a while

Hi Experts,

What would be the cause to terminate the EzVPN if not used after a
while,
and it doesn't connected automatically (even the remote is configured
for
automatic establishement), but if I restart the router it reestablished
successfully. Can you please give me some hints.

Regards,

Amin

Blogs and organic groups at http://www.ccie.net
Received on Thu Aug 13 2009 - 12:43:52 ART