CIsco IOS EZVPN Timeout Issue
mrjoshuap
Posts: 8Member ■□□□□□□□□□
Hello All,
I have an issue i'm hoping someone can assist me with or provide valuable feedback.
I just got my home router a 2821 configured as a EZVPN server, as of right now i have everything configured to where i can connect and access all my devices on my local lan. However the ISAKMP SA only allows to be connected for 60mins at a time, i tried adjusting the ISAKMP policy lifetime but it turn out that the default max life seem to be only 86400 seconds. Is there a way i can disable the lifetime of the ISAKMP policy so it's always up as long as i have traffic flowing?
Please see below for exact router config;
crypto isakmp policy 10
encr aes
authentication pre-share
hash sha
group 2
crypto isakmp key Pr0Duct1on address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local EZVPN_POOL
!
ip local pool EZVPN_POOL 172.16.1.1 172.16.1.254
!
crypto isakmp client configuration group EZVPN
key Pr0Duct
dns 167.206.7.4 167.206.112.138
domain Production-Network.net
pool EZVPN_POOL
include-local-lan
max-users 10
max-logins 10
netmask 255.255.255.0
!
crypto isakmp profile EZVPN_PROFILE
match identity group EZVPN
client authentication list EZVPN_RADIUS
isakmp authorization list GROUP
client configuration address respond
client configuration group EZVPN
virtual-template 1
!
crypto ipsec transform-set EZVPN_SET esp-aes esp-sha-hmac
!
crypto ipsec profile EZVPN_PROFILE
set transform-set EZVPN_SET
set isakmp-profile EZVPN_PROFILE
!
interface Virtual-Template1 type tunnel
description EZVPN_USER_CRYPTO
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel path-mtu-discovery
tunnel protection ipsec profile EZVPN_PROFILE
ip nat inside
HQ_BK_E55th_RT1#sh crypto isakmp sa de
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.
1024 47.0.0.0 152.0.0.0 ACTIVE aes sha 2 00:47:32 CXN
Engine-id:Conn-id = SW:24
I have an issue i'm hoping someone can assist me with or provide valuable feedback.
I just got my home router a 2821 configured as a EZVPN server, as of right now i have everything configured to where i can connect and access all my devices on my local lan. However the ISAKMP SA only allows to be connected for 60mins at a time, i tried adjusting the ISAKMP policy lifetime but it turn out that the default max life seem to be only 86400 seconds. Is there a way i can disable the lifetime of the ISAKMP policy so it's always up as long as i have traffic flowing?
Please see below for exact router config;
crypto isakmp policy 10
encr aes
authentication pre-share
hash sha
group 2
crypto isakmp key Pr0Duct1on address 0.0.0.0 0.0.0.0
crypto isakmp client configuration address-pool local EZVPN_POOL
!
ip local pool EZVPN_POOL 172.16.1.1 172.16.1.254
!
crypto isakmp client configuration group EZVPN
key Pr0Duct
dns 167.206.7.4 167.206.112.138
domain Production-Network.net
pool EZVPN_POOL
include-local-lan
max-users 10
max-logins 10
netmask 255.255.255.0
!
crypto isakmp profile EZVPN_PROFILE
match identity group EZVPN
client authentication list EZVPN_RADIUS
isakmp authorization list GROUP
client configuration address respond
client configuration group EZVPN
virtual-template 1
!
crypto ipsec transform-set EZVPN_SET esp-aes esp-sha-hmac
!
crypto ipsec profile EZVPN_PROFILE
set transform-set EZVPN_SET
set isakmp-profile EZVPN_PROFILE
!
interface Virtual-Template1 type tunnel
description EZVPN_USER_CRYPTO
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel path-mtu-discovery
tunnel protection ipsec profile EZVPN_PROFILE
ip nat inside
HQ_BK_E55th_RT1#sh crypto isakmp sa de
C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.
1024 47.0.0.0 152.0.0.0 ACTIVE aes sha 2 00:47:32 CXN
Engine-id:Conn-id = SW:24
Comments
Below i have the article i used to help me figure out what the problem was. I hope some Apple users find this very useful.
Link ---> https://discussions.apple.com/thread/3275811
Thanks.