12-12-2009 01:34 AM - edited 03-04-2019 06:57 AM
hi guys!
What command should I use to keep the IPsec VPN tunnel always up on the ASA, without initiating any traffic during idle time?
Thanks
12-28-2009 12:49 AM
Hello Alsayed,
As in routers, the security associations (SAs) have a lifetime based on two factors: time and traffic volume.
See:
IPsec SAs use a derived, shared, secret key. The key is an integral part of the SA; they time out together to require the key to refresh. Each SA has two lifetimes: "timed" and "traffic-volume." An SA expires after the respective lifetime and negotiations begin for a new one. The default lifetimes are 28,800 seconds (eight hours) and 4,608,000 kilobytes (10 megabytes per second for one hour).
https://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html#wp1042781
Be aware that extending the lifetime exposes you to security risk, so it is not recommended.
The best way would be to have a GRE tunnel, encapsulated in IPsec on the ASA, originated and terminated on routers, with a routing protocol running on it and a high metric so that it is not used until the primary path is active.
R1 ---- ASA1 ---------------------------- ASA2 --- R2
Hope to help
Giuseppe
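As an added illustration of the GRE-over-IPsec design above (this is example configuration, not from the thread or from Cisco documentation), the routing-protocol hellos crossing the GRE tunnel are what keeps traffic flowing through the ASA-to-ASA IPsec SA while the link is otherwise idle. All addresses are constructed, and it assumes the ASAs' existing site-to-site crypto map references the named ACL and that routing and NAT exemption for the router loopbacks are already in place.

```cisco
! --- R1 (IOS); R2 mirrors this with the addresses swapped ---
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface Tunnel0
 description GRE to R2, carried inside the ASA1-ASA2 IPsec tunnel
 ip address 10.255.0.1 255.255.255.252
 tunnel source Loopback0
 tunnel destination 10.2.2.2
 ! high OSPF cost: the GRE path is only chosen when the primary path fails
 ip ospf cost 1000
 ! periodic hellos keep packets crossing the IPsec SA even with no user data
 ip ospf hello-interval 10
!
router ospf 1
 network 10.1.1.1 0.0.0.0 area 0
 network 10.255.0.0 0.0.0.3 area 0
!
! --- ASA1; ASA2 mirrors this with the hosts swapped ---
! Only GRE between the two router loopbacks is "interesting traffic"
! for the site-to-site crypto map, so the OSPF hellos match it.
access-list VPN-TRAFFIC extended permit gre host 10.1.1.1 host 10.2.2.2
```

Because the SA still expires on its timed or traffic-volume lifetime, it is renegotiated rather than kept open indefinitely; the hellos simply ensure there is always matching traffic to trigger the rekey.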
12-28-2009 04:35 AM
Hello Giuseppe!
Thanks for your reply
12-28-2009 05:35 AM
Friend Giuseppe, I need the tunnel to be up all the time and ready whether there is data to be sent or not.
Thanks