RE: Ezay VPN error

From: CCIE <ccie_at_axizo.com>
Date: Wed, 11 Nov 2009 12:20:18 +0200

I tried that

 

access-list nat0 extended permit ip 172.16.0.0 255.240.0.0 10.1.1.0
255.255.255.0

access-list nat0 extended permit ip 172.16.0.0 255.240.0.0 10.10.0.0
255.255.0.0

access-list branches-vpn-splitTunnelAcl standard permit 172.16.0.0
255.240.0.0

 

 

ip local pool MYPOOL 10.1.1.1-10.1.1.254

 

nat (inside) 0 access-list nat0

 

group-policy branches-vpn internal

group-policy branches-vpn attributes

 vpn-session-timeout none

 password-storage enable

 split-tunnel-policy tunnelspecified

 split-tunnel-network-list value branches-vpn-splitTunnelAcl

 secure-unit-authentication disable

 user-authentication disable

 user-authentication-idle-timeout none

 nem enable

 

username mne-vpn password cisco

username mne-vpn attributes

 vpn-group-policy branches-vpn

 

crypto ipsec transform-set AAADES esp-des esp-md5-hmac

crypto ipsec df-bit clear-df outside

crypto dynamic-map DYNOMAP 10 set transform-set AAADES

crypto map VPNPEER 20 ipsec-isakmp dynamic DYNOMAP

crypto map VPNPEER interface outside

isakmp identity address

isakmp enable outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp nat-traversal 3600

 

tunnel-group DefaultL2LGroup ipsec-attributes

 isakmp keepalive threshold 60

tunnel-group DefaultRAGroup ipsec-attributes

 isakmp keepalive threshold 10

tunnel-group branches-vpn type ipsec-ra

tunnel-group branches-vpn general-attributes

 address-pool MYPOOL

 default-group-policy branches-vpn

tunnel-group branches-vpn ipsec-attributes

 pre-shared-key *

 isakmp keepalive threshold 10

 

 

From: swap m [mailto:ccie19804_at_gmail.com]
Sent: Tuesday, November 10, 2009 3:36 PM
To: Ryan West
Cc: CCIE; ccielab_at_groupstudy.com
Subject: Re: Ezay VPN error

 

try altering the configuration for isakmp keepalive..

 

post full configs..

 

On Tue, Nov 10, 2009 at 5:15 PM, Ryan West <rwest_at_zyedge.com> wrote:

Code versions please.

Sent from handheld.

On Nov 10, 2009, at 3:57 AM, "CCIE" <ccie_at_axizo.com> wrote:

> Hi experts,
>
> I am connecting Cisco 837 as a VPN client to an ASA, after a while of
> operation the client disconnect from the ASA side, then I must do
> clear
> crypto ipsec sa to reestablish the connect.
>
> Any advice or help about that?
>
> Regards,
>
> Amin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Nov 11 2009 - 12:20:18 ART

This archive was generated by hypermail 2.2.0 : Tue Dec 01 2009 - 06:36:28 ART