If a new IP address is obtained, then the SA should be modified accordingly. That could be the reason.
With regards Kings On Thu, Jun 21, 2012 at 1:35 PM, Eugene Pefti <[email protected]>wrote: > Guys, > I understand that I ask for impossible but still would like to hear if > there's a chance to do something to prevent it. > Our client's 871 routers run as EzVPN remote while having ASA as VPN > headend and the majority of routers are connected to Internet via DHCP. > DHCP lease time is different and at some locations it is 600 seconds which > is absolutely stupid and insane. > Every time the router renews the IP the tunnel goes down and breaks few > critical applications. > The interval of 10 seconds during the tunnel re-establishment is high to > make it noticeable > > 031576: .Jun 20 23:32:21.555: %CRYPTO-6-EZVPN_CONNECTION_DOWN: > (Client) User=Store112 Group=Stores Server_public_addr=XXX.XXX.XXX.145 > **** > > 031577: .Jun 20 23:32:31.153: %CRYPTO-4-IKMP_NO_SA: IKE message from > XXX.XXX.XXX.145 has no SA and is not an initialization offer**** > > 031578: .Jun 20 23:32:31.838: %CRYPTO-6-EZVPN_CONNECTION_UP: (Client) > User=Store112 Group=Stores Client_public_addr=173.180.166.74 > Server_public_addr=XXX.XXX.XXX.145 NEM_Remote_Subnets= > 10.1.12.128/255.255.255.128 10.1.12.0/255.255.255.128 > > The router IPSec client profile setup is traditional: > > crypto ipsec client ezvpn TEST > connect auto > group TestVpn key ****** > mode network-extension > peer YYY.YYY.YYY.YYY > username store111 password 6 ******* > xauth userid mode local > > I'm just wondering if I were to do it with virtual-template and then the > virtual-access interface will use the physical routers interface as the > source will the tunnel stay up during the DHCP renewal? > > Eugene > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
