IP Phone over Site-to-Site VPN dropping at 30 minutes

corey.mckinney · ‎02-01-2012

I have a remote site with an ASA 5505 connecting to my corporate site with an ASA 5520. When a call is made from the remote site to the corporate site, it is dropped at exactly 30 minutes into the call. The CUCM cluster that controls both sites is at the corporate site.

Any insite?

yahsiel2004 · ‎02-01-2012

Corey,

Verify the lifetime setting under the "crypto isakmp policy" It may bet set to 1800 seconds whic is 30 minutes. Example below:

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash md5

group 2

lifetime 86400

Regards,

Yosh

HTH Regards, Yosh

corey.mckinney · ‎02-01-2012

Thank you for the reply. All of the crypto isakmp policies have a lifetime of 86400. Another thing to add is that even when the call drops at 30 minutes, the VPN tunnel stays active and does not reset.

kpastores · ‎02-01-2012

I am wondering if you are hitting the default timeouts:

(

•h323 hh:mm:ss is 5 minutes (00:05:00).

•half-closed hh:mm:ss is 10 minutes (00:10:00).

•icmp hh:mm:ss is 2 minutes (00:00:02)

•mgcp hh:mm:ss is 5 minutes (00:05:00).

•mgcp-pat hh:mm:ss is 5 minutes (00:05:00).

•rpc hh:mm:ss is 10 minutes (00:10:00).

•sip hh:mm: is 30 minutes (00:30:00). <-- 30 mintues

ex:

http://www.cisco.com/en/US/docs/security/asa/asa71/command/reference/t_711.html#wp1318629

For testing purpose, adjust the default and see if it does make a difference, if it does then we'll have to figure out next step on why its hitting this when you have an active call.