NAT timeout for failover w/ dual ISPs

I have failover configured, tested and verified using IP SLA, based on routing rules and failover NAT mentioned in this guide:

http://docwiki.Cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

The problem is that it takes about 60 seconds for the active NAT translations to time out.  Is there a recommended way to shorten this time other than changing the NAT timeout value globally?

Platform: 2921

IOS: 15.2(4)M4

Topology:

              ------------- ISP1 -------------
              |                              |
              | int Gi0/1                    |
LAN --- router              WAN              Internet
              | int Gi0/2                    |
              |                              |
              ------------- ISP2 -------------

Config:

ip sla 1
 icmp-echo 1.1.1.1 source-ip 1.1.1.2
 threshold 250
 timeout 900
 frequency 3
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 2.2.2.1 source-ip 2.2.2.2
 threshold 250
 timeout 900
 frequency 3
ip sla schedule 2 life forever start-time now
!
track 1 ip sla 1 reachability
!
track 2 ip sla 2 reachability
!
ip access-list extended default-traffic-ACB
 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
!
ip access-list extended Media-Lab-ACB
 deny ip 192.168.19.0 0.0.0.255 192.168.0.0 0.0.255.255
 permit ip 192.168.19.0 0.0.0.255 any
!
route-map default-traffic-PBR permit 10
 match ip address default-traffic-ACB
 set ip next-hop verify-availability 2.2.2.1 10 track 2
 set ip next-hop verify-availability 1.1.1.1 20 track 1
!
route-map Media-Lab-ACB permit 10
 match ip address Media-Lab-ACB
 set ip next-hop verify-availability 1.1.1.1 10 track 1
 set ip next-hop verify-availability 2.2.2.1 20 track 2
!
ip local policy route-map default-traffic-ACB
!
interface GigabitEthernet0/0.16
 ip policy route-map default-traffic-ACB
!
interface GigabitEthernet0/0.19
 ip policy route-map Media-Lab-ACB
!
! NAT CONFIGURATION
!
ip access-list extended NAT_ACL
 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
!
route-map ISP1_NAT permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/1
!
route-map ISP2_NAT permit 10
 match ip address NAT_ACL
 match interface GigabitEthernet0/2
!
ip nat inside source route-map ISP1_NAT interface GigabitEthernet0/1 overload
!
ip nat inside source route-map ISP2_NAT interface GigabitEthernet0/2 overload
!
end

Hello

You can use an EEM script to help in your case.

!
event manager applet NAT-TRACK
 event syslog pattern "TRACKING-5-STATE"
 action 0.1 cli command "enable"
 action 0.2 wait 3
 action 0.3 cli command "clear ip nat translation *"
 action 0.4 syslog msg "Translation NAT cleared after state change of track"
!

I hope that helps...!
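
Added example, not part of the original thread: the applet above clears every dynamic translation on any track change, including flows on the ISP that is still up (in the posted config both ISPs carry traffic in normal operation). The Python below parses `show ip nat translations` output and picks out only the entries still bound to the failed ISP's address. The sample output, every address other than 1.1.1.2 and 2.2.2.2, and the per-entry clear command form are assumptions; confirm the command form with CLI help on the IOS release in use.

```python
import ipaddress
import re

# Constructed sample of `show ip nat translations` output, as it might look
# just after track 1 (ISP1) went down. 1.1.1.2 and 2.2.2.2 are the router's
# ISP-facing addresses from the thread; all other addresses are made up.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local        Outside local      Outside global
tcp 1.1.1.2:1025       192.168.19.20:51000 203.0.113.10:443   203.0.113.10:443
udp 1.1.1.2:1026       192.168.19.21:5060  203.0.113.20:5060  203.0.113.20:5060
tcp 2.2.2.2:1027       192.168.16.10:51001 203.0.113.10:443   203.0.113.10:443
icmp 1.1.1.2:7         192.168.19.20:7     203.0.113.30:7     203.0.113.30:7
--- 1.1.1.9            192.168.19.5        ---                ---
"""

# One dynamic (port-overloaded) row: protocol plus four ip:port columns.
ROW = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def _endpoint(text):
    """Split 'a.b.c.d:port' into (address, port), validating both parts."""
    addr, sep, port = text.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {text!r}")
    return str(ipaddress.ip_address(addr)), int(port)


def parse_translations(output):
    """Return one dict per dynamic translation row; skip everything else."""
    entries = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, static '---' rows, blank lines
        try:
            g_ip, g_port = _endpoint(m.group(2))
            l_ip, l_port = _endpoint(m.group(3))
        except ValueError:
            continue  # not in ip:port form, leave the row alone
        entries.append({
            "proto": m.group(1),
            "global_ip": g_ip, "global_port": g_port,
            "local_ip": l_ip, "local_port": l_port,
        })
    return entries


def stale_entries(entries, failed_global_ip):
    """Entries still translated to the address of the ISP that went down."""
    return [e for e in entries if e["global_ip"] == failed_global_ip]


def hosts_affected(stale):
    """Inside hosts whose sessions are pinned to the failed ISP."""
    return sorted({e["local_ip"] for e in stale}, key=ipaddress.ip_address)


def clear_commands(stale):
    """Per-entry clear commands for TCP/UDP rows only.

    Assumed command form: clear ip nat translation <proto> inside
    <global-ip> <global-port> <local-ip> <local-port>. ICMP rows are
    reported by stale_entries() but no command is generated for them.
    """
    template = ("clear ip nat translation {proto} inside "
                "{global_ip} {global_port} {local_ip} {local_port}")
    return [template.format(**e) for e in stale if e["proto"] in ("tcp", "udp")]


if __name__ == "__main__":
    stale = stale_entries(parse_translations(SAMPLE_OUTPUT), "1.1.1.2")
    print("hosts pinned to failed ISP:", ", ".join(hosts_affected(stale)))
    for cmd in clear_commands(stale):
        print(cmd)
```

The same parser can be pointed at output captured after the applet fires to confirm that no entry bound to the failed ISP's address remains.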

Tags: Cisco Network

Similar Questions

  • Site to Site VPN IPSEC for multisite with dual ISP failover

    Hello all

    I have 6 ASA 5505s in total, and I have already built failover with dual ISPs. Now I want to configure site-to-site VPN for all 3 sites. Each site has 2 firewalls.

    I just built a config for a 2-site VPN; here is the config for a single site.

    Local IP address: 172.16.100.0

    Public IPs: 10.5.1.101, 10.6.1.101

    Remote local IP: 172.16.101.0

    Remote public IPs: 10.3.1.101, 10.4.1.101

    Remote local IP: 192.168.0.0

    Remote public IPs: 10.1.1.101, 10.2.1.101

    The tunnel configuration on the first 2 firewalls:

    access-list vpn1 permit ip 172.16.100.0 255.255.255.0 172.16.101.0 255.255.255.0
    access-list backupvpn1 permit ip 172.16.100.0 255.255.255.0 172.16.101.0 255.255.255.0
    access-list vpn2 permit ip 172.16.100.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list backupvpn2 permit ip 172.16.100.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list sheep permit ip 172.16.100.0 255.255.255.0 172.16.101.0 255.255.255.0
    access-list sheep permit ip 172.16.100.0 255.255.255.0 192.168.0.0 255.255.255.0
    !
    nat (inside) 0 access-list sheep
    nat (inside) 1 0.0.0.0 0.0.0.0
    !
    crypto isakmp enable outside
    crypto isakmp enable backup
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
    !
    crypto ipsec transform-set my-set1 esp-3des esp-sha-hmac
    crypto map outside_map 1 match address vpn1
    crypto map outside_map 1 set peer 10.3.1.101
    crypto map outside_map 1 set transform-set my-set1
    crypto map outside_map interface outside
    !
    crypto map outside_map 2 match address backupvpn1
    crypto map outside_map 2 set peer 10.4.1.101
    crypto map outside_map 2 set transform-set my-set1
    crypto map outside_map interface backup
    !
    crypto ipsec transform-set my-set2 esp-3des esp-sha-hmac
    crypto map outside_map 3 match address vpn2
    crypto map outside_map 3 set peer 10.1.1.101
    crypto map outside_map 3 set transform-set my-set2
    crypto map outside_map interface outside
    !
    crypto map outside_map 4 match address backupvpn2
    crypto map outside_map 4 set peer 10.2.1.101
    crypto map outside_map 4 set transform-set my-set2
    crypto map outside_map interface backup
    !
    tunnel-group 10.3.1.101 type ipsec-l2l
    tunnel-group 10.3.1.101 ipsec-attributes
     pre-shared-key cisco
     isakmp keepalive threshold 20 retry 3
    !
    tunnel-group 10.4.1.101 type ipsec-l2l
    tunnel-group 10.4.1.101 ipsec-attributes
     pre-shared-key cisco
     isakmp keepalive threshold 20 retry 3
    !
    tunnel-group 10.1.1.101 type ipsec-l2l
    tunnel-group 10.1.1.101 ipsec-attributes
     pre-shared-key cisco
     isakmp keepalive threshold 20 retry 3
    !
    tunnel-group 10.2.1.101 type ipsec-l2l
    tunnel-group 10.2.1.101 ipsec-attributes
     pre-shared-key cisco
     isakmp keepalive threshold 20 retry 3
    !
    mtu backup 1500

    If this is correct, what should I configure on the other side, where I want to terminate it? Must the crypto map match address name vpn1 match on the other side or not?

    Any suggestion is good...

    Thank you...

    What I mean by routing is a routing protocol or static routes, so that the ASA can choose between interfaces to establish the tunnel.

    If the ASA has the crypto map applied to two interfaces, then one should be used as primary and the other as backup.

    How will the ASA choose which is better? Via the routing.

    If you use a routing protocol, the ASA will know which interface to send packets out of every time, but if you use static routes, you need to change the metric and configure IP SLA.

    Federico.

  • Timeout for the HTTPTransport KSoap2

    Hi all

    I have a project where I need to download a large amount of data from .NET web service to the device. I'm using KSoap2 and everything works fine until I actually start the download. I get an error "Connection Timeout".

    I tested the web service separately (from a site) and takes about 5 minutes to download. I also tested the BB project with a small amount of data to the web service itself and everything works fine. I am able to receive the returned data, but as soon as I try to download chuck raining data, the connection times out.  That said, I have 2 questions:

    1. how to specify the timeout for a connection HTTPTransport? I would like to be able to put 10 min for example to avoid time-out error.

    2. is there a limit to the amount of data the device can receive when using HTTPTransport?

    Thanks in advance,

    Daniel

    1 on timeout:

    -------------------------

    Take a look at this thread on the definition of timeout in httpConnection.

    http://supportforums.BlackBerry.com/Rim/Board/message?board.ID=java_dev&message.ID=25155&query.ID=26...

    You can use the SocketConnectionEnhanced interface that allows you to set the timeout fom a direct TCP connection.

    How - to control the timeout for TCP connections via BlackBerry Mobile data system connection Service

    http://www.BlackBerry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800451/800563/How_To _...

    2. data about

    --------------------------------

    There are limits on the amount of data that can be downloaded by connection. See this article.

    What is - HTTP 413 request entity too large

    http://www.BlackBerry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800451/800563/What_Is...

    But you can download data piece by piece. See this article.

    How - to download large files using the BlackBerry Mobile data system

    http://www.BlackBerry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/800431/How_To _...

    Concerning

    Bika

  • Double balancing while NAT is based on the load ISP

    Please send me an example configuration for dual ISP load balancing while NAT is running.

    ollyahmed,

    If you are looking specifically for a router, then the following configuration would be good.

    There is a quick need to change the configuration depending on the type of configuration you use, I mean (QOS policy, follow-up (ip SLAs) and route directions.

    version 15.2
    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    IP cef

    !

    Authenticated MultiLink bundle-name Panel

    !

    track 1 accessibility of als 1 ip

    !

    Track 2 accessibility of ALS 2 ip

    !

    class-map correspondence Skype

    Skype Protocol game

    !

    Skype-political policy-map

    class Skype

    DSCP ef Set

    !

    interface GigabitEthernet0/0

    Description of the IP LAN 10.0.0.1 255.255.254.0 nat ip in ip virtual-reassembly speed automatic duplex

    !

    interface GigabitEthernet0/1

    TASK description

    address IP 213.192.65.106 255.255.255.252 ip access-group 101 in ip nat outside ip virtual-reassembly in crypto of automatic speed auto two-sided map political GLIWICE-map service entry out of service-policy Skype-Skype-strategy

    !

    interface GigabitEthernet0/2

    Description of the "Wit-NET" 0030.4f61.5521 193.107.215.133 mac address ip address 255.255.255.224 ip access-group 101 in ip nat outside ip virtual-reassembly speed automatic duplex
    !

    IP default-gateway 213.192.65.105 ip forward-Protocol nd

    IP nat inside source map route nat_isp1 interface GigabitEthernet0/1 overload ip nat inside source route nat_isp2 interface GigabitEthernet0/2 overhead map

    IP nat inside source static tcp 10.0.0.24 777 193.107.215.133 777 extensible ip nat inside source static tcp 10.0.0.2 1723 193.107.215.133 1723 extensible ip nat inside source static tcp 10.0.0.24 213.192.36.106 777 777 stretch
    ! - the more static routes has been omitted.

    Route IP default-network 213.192.65.105 ip 0.0.0.0 0.0.0.0 213.192.65.105 track 1

    IP route 0.0.0.0 0.0.0.0 193.107.215.129 track 2

    ALS IP 1

    echo ICMP - 213.192.65.105 source-interface GigabitEthernet0/1
    threshold frequency 2 1000 5 timeout

    IP SLA annex 1 point of life to always start-time now

    IP sla 2 icmp echo - 193.107.215.129 source-interface GigabitEthernet0/2 threshold 2 timeout 1000 frequency 5

    IP SLA annex 2 to always start-time life now

    !

    access-list 110 deny ip 10.0.0.0 0.0.1.255 10.0.100.0 0.0.0.255

    access-list 110 permit ip 10.0.0.0 0.0.1.255 ip 10.0.0.0 allow any access list of 190 0.0.1.255 10.0.100.0 0.0.0.255

    SPECIAL route-map permit 10
    corresponds to the IP 110

    is the interface GigabitEthernet0/1!

    map of route track_isp permit 10 match ip address 101 game interface GigabitEthernet0/1 set ip next-hop 213.192.65.105

    !

    track_isp allowed 20 match ip route map address 102 game interface GigabitEthernet0/2 set ip next-hop 193.107.215.129! map of route nat_isp2 permit 10 match ip address 110 game interface GigabitEthernet0/2! map of route nat_isp1 permit 10 match ip address 110 game interface GigabitEthernet0/1! -See more at: https://supportforums.cisco.com/discussion/11710646/dual-isp-connection-...

  • SSH stops in double ISP configuration

    ASA 7.2 (4)

    I (unfortunately!) properly configured a site with dual ISPs, several site-to-site VPNs (which do not fail over), port forwards, etc... The only question that remains is SSH. Before adding a 2nd ISP, SSH on the inside and outside worked well, as expected. When the two ISP interfaces are active and traffic moves on the primary, SSH is 'scales' on all 3 interfaces. A monitoring tool shows it going up and down, and this is confirmed when I actually try to connect to it. Puzzled. Sanitized config attached, but for me, the relevant part is...

    SSH 0.0.0.0 0.0.0.0 inside

    SSH 67.xxx.xxx.0 255.255.255.0 outside

    SSH 67.xxx.xxx.0 255.255.255.0 cable

    SSH timeout 15

    I could maybe understand if the interface not in use has expired due to lack of a return path, but all 3 interfaces are defective. As soon as one of the 2 wan interfaces is disconnected, ssh is well on the other 2.

    Thank you

    Ed

    Yes, the way back could be a problem. I appreciate that you try to SSH on the internet and not on the VPN tunnel.

    Can you check if it behaves the same way when you try to access ASDM?

    Can you console into the ASA and collect a capture on the ASA's internet-facing interfaces while you try to SSH?

  • Cisco ASA: Redundancy of double ISP VPN...

    Hello, is there any way to configure site-to-site VPN redundancy using a Cisco ASA? I know that I can configure redundancy using two ISPs on my Cisco ASA, pointing to the same peer, but what if I need to point to different peers but protect the same networks...

    I know it's possible on routers using GRE + IPsec tunnels or VTI, but is there something similar using Cisco ASA?

    Any help will be appreciated! Thank you!

    Hello

    Yes, Nagiswaren is right. For example, you have this:

    Based on the image above and your answers, you need to configure something like this:

    Interface     Name          IP address      Subnet mask      Method
    Ethernet0/0   outsideVPN    10.198.16.143   255.255.255.224  manual
    Ethernet0/1   inside        172.31.255.1    255.255.255.0    manual
    Ethernet0/2   outside-VPN2  10.198.29.21    255.255.255.224  manual
    Ethernet0/3   INTERNET      12.12.12.12     255.255.255.224  manual

    access-list 155 extended permit ip 10.0.20.0 255.255.255.0 10.0.10.0 255.255.255.0
    access-list sheep extended permit ip 10.0.20.0 255.255.255.0 10.0.10.0 255.255.255.0

    nat (inside) 0 access-list sheep

    crypto ipsec transform-set 3DES-MD5 esp-3des esp-md5-hmac

    crypto map mymap 10 match address 155
    crypto map mymap 10 set peer 1.1.1.1 2.2.2.2
    crypto map mymap 10 set transform-set 3DES-MD5
    crypto map mymap interface outsideVPN
    crypto map mymap interface outside-VPN2
    crypto isakmp enable outsideVPN
    crypto isakmp enable outside-VPN2

    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400

    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
     pre-shared-key cisco123

    tunnel-group 2.2.2.2 type ipsec-l2l
    tunnel-group 2.2.2.2 ipsec-attributes
     pre-shared-key cisco123

    =============================================================================================

    OBJECT TRACKING

    track 100 rtr 10 reachability
    sla monitor 10
     type echo protocol ipIcmpEcho 4.2.2.2 interface outsideVPN
     num-packets 3
     frequency 10
    sla monitor schedule 10 life forever start-time now

    route INTERNET 0.0.0.0 0.0.0.0 12.12.12.1 1

    route outsideVPN 1.1.1.1 255.255.255.255 10.198.16.129 1 track 100
    route outsideVPN 2.2.2.2 255.255.255.255 10.198.16.129 1 track 100
    route outsideVPN 10.0.10.0 255.255.255.0 10.198.16.129 1 track 100
    route outsideVPN 4.2.2.2 255.255.255.255 10.198.16.129 1

    route outside-VPN2 1.1.1.1 255.255.255.255 10.198.29.1 254
    route outside-VPN2 2.2.2.2 255.255.255.255 10.198.29.1 254
    route outside-VPN2 10.0.10.0 255.255.255.0 10.198.29.1 254

    I used 4.2.2.2, but you can use the ISP1 IP address.

    ==========================ROUTER===================================================================
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2

    access-list 133 permit ip 10.0.10.0 0.0.0.255 10.0.20.0 0.0.0.255

    crypto isakmp key cisco123 address 10.198.16.143 no-xauth
    crypto isakmp key cisco123 address 10.198.29.21 no-xauth

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

    crypto map primary-map 10 ipsec-isakmp
     set peer 10.198.16.143
     set peer 10.198.29.21
     set transform-set ESP-3DES-SHA
     match address 133

    crypto map secondary-map 10 ipsec-isakmp
     set peer 10.198.16.143
     set peer 10.198.29.21
     set transform-set ESP-3DES-SHA
     match address 133

    interface FastEthernet0
     ip address 1.1.1.1 255.255.255.0
     crypto map primary-map

    interface FastEthernet1
     ip address 2.2.2.2 255.255.255.0
     crypto map secondary-map

    ! inside interface
    interface Vlan1
     ip address 10.0.10.1 255.255.255.0

    ip sla monitor 1
     type echo protocol ipIcmpEcho 4.2.2.2
     timeout 1000
     frequency 3
     threshold 2

    ip sla monitor schedule 1 life forever start-time now
    track 123 rtr 1 reachability

    ip route 4.2.2.2 255.255.255.255 1.1.1.254 permanent
    ip route 10.198.16.143 255.255.255.255 1.1.1.254 1 track 123
    ip route 10.198.29.21 255.255.255.255 1.1.1.254 1 track 123
    ip route 10.0.20.0 255.255.255.0 1.1.1.254 1 track 123

    ip route 10.198.16.143 255.255.255.255 2.2.2.254 200
    ip route 10.198.29.21 255.255.255.255 2.2.2.254 200
    ip route 10.0.20.0 255.255.255.0 2.2.2.254 200

    -josemed

  • NAT Type for PS3 (wrt610N) question

    I have the wrt610N cable Internet and Modern Warefare 2 play on the PS3. Since day 1, I had a Type 2 Nat type depending on the internet connection of the PS3 test.  Modern Warfare 2 includes a Nat Type indicator on the lobby screen and mine said always moderate.

    Well, after a little research, I forwarded my ports and hop, he says that my NAt type is open. Yesterday I accidentally unplugged the router and now my screen of the lobby still moderate.  My ports are always transmitted, so I have no idea of what is happening.  Any ideas?

    Someone suggested that I can just go into the router and configure it to open, but it doesn't sound right.  Also, I read some posts on here and noticed people mentioning something on the home network defender in the Management tab.  I have no option.  Someone knows why?

    Port 10070 - 10080 not required for MW2, however, it is necessary for the PS3... As far as the DNS is concerned, I provided you DNS on the router, you can either use router DNS, DNS ISP or the universal DNS 208.67.222.222 and 208.67.220.220... any of them.

  • FaceTime does not account for failover of screen lock

    Hi all

    I've had this problem for a while now (at least since iOS 8) as well as with different iPhones (5, 5s, 6s). I usually failover of screen lock ON since I like to use my phone while on the couch or in bed and do not want to worry that the screen rotates another every minute.

    The bug following (?) that bothers me and a lot of my girlfriend:

    Screen rotation lock, I lie in bed (would be horizontal mode but it is vertical because it is locked) and I run a FaceTime call.

    -> FaceTime uses horizontal mode and ignores the lock of flipping screen in a vertical position

    Screen rotation lock ON, I start the FaceTime call in vertical mode-> all is good.

    Until I turn to another application, while holding the iPhone horizontally. The other application is in vertical mode (as it should be as flipping screen lock is on) but as soon as I return to FaceTime, FaceTime ignores the failover of screen lock and switch to horizontal mode.

    The solution in both cases:

    (1) I have to disable the blocking of the rotating screen (SRL),

    (2) hold the iPhone upright,

    (3) wait until FaceTime changes in vertical mode,

    (4) to activate once again, SRL

    (5) lie down with my iPhone in landscape mode.

    I don't see how this can be a feature! We are the only ones who are bothered by that?

    If you have a solution, please tell me. If this is not a bug but a feature, please describe a situation where this behavior makes sense.

    I thank very you much.

    Best regards

    Maxim

    Wait for the next update of iOS (9.3), it won't take very long I guess.

  • issue of timeout for the fpga 9870

    I'm collecting series instrument (read-only) data, instrument using 115200 baud, 8 bits, no parity 1 stop and no control flow, none of which are configurable.

    It works generally fine but sometimes it starting delay, by examining the properties of port, it says 0 bytes available there, but the instrument is always sending bytes. Disconnect the cable series and reconnecting gets it going again... But why?

    I detect and recover with happiness (framing, etc) communication errors, but I can't get anything to recover from occurrence of timeout exception of physical intervention.

    If I only connect the instrument and the start (forcing a real timeout) and plug in the unit, it will always be fortunately seems to start.

    At this point, I would be 'reset' the port on a timeout, but I can't find a method/technique to do so.

    It is a 9014 with 9114 chassis module 9870 (among others) and a labview 11 sp1

    Eric416,

    I had a 9870 running in a cRIO-9074 (scan mode) for some time now without any problems.  I think I'd still try the isolator just to eliminate the posibility of equipment short.  Then I hang a noculars on the TX/RX and see what kinds of things are spend on start-up/power.  Have you tried to have your code close, then reopen the VISA session when the time-out occurs?

  • search for files in doubles on hard drives

    Is it possible to find all the files in duplicate on a large hard drives, so I would remove duplicates of files that may be on the disc 'C' and 'E'

    Hello

    Here are several free utilities and they have all their benefits and their methods.

    Auslogics Duplicate File Finder is the MD5 search engine that allows to find files duplicated content,
    Despite all other matching criteria. It would be useful, for example, when two identical pieces of mp3 or video files
    have different names
    http://www.Auslogics.com/en/software/duplicate-file-Finder

    find and delete the duplicate - free
    http://www.easyduplicatefinder.com/
    Versions Installer and Portable

    Search files in doubles or similar - even binary - free
    http://www.Joerg-Rosenthal.com/en/antitwin/

    quickly find all the files in a folder and its subfolders - free duplicate
    http://www.Mindgems.com/products/fast-duplicate-file-Finder/fast-duplicate-file-Finder-about.htm

    Duplicate File Finder - Smart Port Forwarding - TCP Port Scanner - TCP Port Tunnel - multi-minuterie-free
    http://www.brooksyounce.com/

    Duplicate File Finder software (pictures, mp3, iTunes)
    http://www.Moleskinsoft.com/

    Hope these helps.

    Rob - bicycle - Mark Twain said it is good.

  • Failure of SQL replication for failover Unity4.03

    After 4.03 failover configuration, no SQL replication was the installation of the FOW. We have tried to re - run the FOW on the primary failover server but now always get the following error:

    has failed to remove the cisco unity objects that are associated with the secondary server of trhe dirctory - DETAILED INFORMATION: iavrdbconnection::initialize () method returned [0 x 80048807].

    Cannot progress any more away and the unit does not start.

    After looking at diag_failoverconfig_xx the file registers several failures at the end ' could not connect to the underlying database to aid: provider = sqloledb; driver = {sql server}; DataSource = ... etc"

    Here are the steps that I found to work to solve this problem.

    Secondary Failover Setup Wizard fails to complete on Windows

    2003 (WS03). A popup is produced and says:

    "Cannot remove objects from Cisco Unity regarding the secondary server from the directory.

    DETAILED INFORMATION:

    "Method IAvRdbConnection::Initialize () return [0 x 80048807]:

    Conditions:

    Environment - 4.0 (4) unit on a Windows 2003 server with failover

    Workaround solution:

    In SQL Server Enterprise Manager delete "(local) (Windows NT)" record from SQL Server. Create a new record of SQL Server that is associated with the server.

    1. open SQL Server Enterprise Manager on the secondary server.

    2. expand the tree for SQL server (it should be labeled as (local) (Windows

    NT)

    3. right click and select "Unregister SQL Server"

    4. check that the Registion server is deleted.

    5. Select and right click on SQL Server group.

    6. Select "new SQL Server Registration.

    7. Select the associated Active Server.

    8. Select the default settings.

    9. Repeat for the primary server.

    10 restart the primary and secondary server.

    11 rerun the Configuration Wizard of failover to the secondary server by the documentation.

  • Search for failover

    After installing the Prim unit and 2, I ran DBWalker. There was 2 errors:

    1233: (Error) the extension number for this conflist ojb with one or more object in the directory. Obj all found to use ex #9991

    List of original with full name = all the Subs - Unity1

    List of original with full name = all the Subs - Unity2

    I haven't run Assistant failover and yet if you ask if it's ok or not?

    Thank you

    It's OK - public distribution lists are 'shared' between the unit installed in the same directory - usually awarding extension numbers that they must be made with caution for this reason. It's ok in General, because you can't compose a public distribution list directly, you can only he addressed by Id or name and the sequence of research will find that local first before of past and you are looking for (s) overall that can be there. But dbWalker barks on the potential conflict when even...

  • standby ip addresses? are required on all interfaces monitored for failover

    Hi all

    I need clarification on an interesting question that I observed during the configuration of an active installation / standby to be able to use 2 x 5525 cisco with version 8.6;

    Here is the configuration, we have 4 subnets that we need to keep separate. I have each of the ASAs connected to different subnets. However, only 1 subnet's IP address configured standby while all other subnets have only an active address on the active firewall. As this is a failover scenario, I have 2 interfaces for LAN and stateful failover.

    I just test the failover on 2 subnets without any standby ip address and to my surprise, everything seems to work as expected. Just need for clarification on why we need sleep on the monitored interfaces addresses when clearly the installer can work without any configured. Are there implications with instance without standby ip addresses?

    Thank you

    Especially at your facility can happen many things cannot be recognized by the ASA without a correct installation of failover. This could be a port of mafunctioning in your infrastructure for example.

    But leave approach it the other way around: what advantages do you see in the implementation in a non-standard way? Or what kind of problems do you expect? Usually the night before IP is not configured if there is no IP address for example on the outside interface.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • Connection problem SSL QuickVPN for RV042 only through ISP specific

    Hello

    I noticed a frequent problem using QuickVPN to connect via a RV042.  With an access provider specific (Rogers cable) occasionally for a particular location internet to the Canada QuickVPN stop to be able to connect in my work VPN (although a RV042), even if it had been fine connection before (and can often connect through the same ISP somewhere else).  Although the RV042 is reached and a TCP connection is formed, the SSL connection fails and the problem persists indefinitely.  If I connect to the computer (a laptop Windows Vista) to another ISP, I am able to connect properly.  Restart the cable modem/router do not solve the problem.  I saw once a occurring in similar problem with another ISP (DSP from Bell internet to the Canada), but in this case restart the modem/router DSL has solved the problem.

    I suspect that the edge router in the ISP meets certain problems related to the delivery of SSL connection.

    If anyone has experienced this problem or knows a resolution?

    Thank you
    Mark

    The only configuration for PPTP is to activate the feature, specify the subnet, the router assigns to the logged-in user, then make a PPTP user. It is about as fast as QVPN and uses the built-in MS client.

    -Tom
    Please evaluate the useful messages

  • Configuration of a timeout for an IPSEC tunnel

    With a site-to-site VPN connection between two Cisco 837s, is it possible to set up the IPSEC tunnel to be torn down after a period of inactivity, and then have the tunnel built again when more traffic is passed?

    Hi mitchen

    One way (but probably not what you're looking for) to "time out" the IPSEC session is to use the IPSEC SA lifetime.

    If the connection is still required (the crypto ACLs are triggered) the connection will be restored, otherwise it will be torn down.

    SA lifetime is not an idle timeout, but it is used to "re-authenticate/restore/offer more security" for the IPSEC tunnel on a regular basis.

    With a "newer" IOS, there is a feature called:

    crypto ipsec security-association idle-time seconds

    This can be set globally or specified per peer.

    You will find all the details here:

    http://www.Cisco.com/en/us/partner/products/SW/iosswrel/ps1839/products_feature_guide09186a00801541d4.html#wp1027129

    "Remember messages useful rate."

    Greetings

    Jarle

