04-15-2009 07:31 AM - edited 03-11-2019 08:18 AM
Hi all,
I've a ASA 5540 and configured a Site-to-Site VPN, but the IPSEC tunnels frequently goes down, and when I ping a remote host, the tunnels go UP.
Is there a way to keep the tunnels always UP?
Thanks
Tauer
04-15-2009 09:25 AM
You might be able to enter 0 for the idle timeout however not sure if this is possible. Why not just increase the idle timeout?
04-15-2009 09:42 AM
Configure isakmp keepalives on both ends...
securityappliance(config)#tunnel-group x.x.x.x ipsec-attributes
securityappliance(config-tunnel-ipsec)isakmp keepalive threshold 15 retry 10
04-15-2009 10:19 AM
ok... I'll apply.
I post the result
04-15-2009 06:00 PM
Enable dead peer detection with the following group level command:
isakmp keepalive
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
