cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.
Get the latest news in this issue of the Cisco Small Business Monthly Newsletter

1840
Views
0
Helpful
1
Replies
Beginner

ASA 5510 site-to-site vpn to SA520

We are a library with 2 small branches and I am setting up site-to-site vpn between the 3 buildings, and ran into a problem. We have a ASA 5510 at the main branch, and right now sonicwalls at the branches. They work great for the VPN, but lousy with our new VOIP system we just put in. I Googled these to see how they would work with the phones, and when I installed them in, they worked great with the phone system, but they kept dropping the site-to-site VPN connection to our ASA. They worked fine between the branches. I can't imagine it is our ASA as the sonicwalls never drop their connection. I updated the SA520's to the latest firmware and increased the IKE timeout to the max. We are using 3DES with SHA-1 encryption so it is nothing out of the ordinary. By looking at the logs, it doesn't give you too much information to go on.

Branch1                           Main                            Branch 2

192.168.2.0-->VPN ---> 192.168.0.0  <---VPN<--- 192.168.1.0

          ^                                                                ^

          |_______________________VPN __________|

Thanks for any information.

Everyone's tags (3)
1 REPLY 1
Highlighted
Rising star

ASA 5510 site-to-site vpn to SA520

Hi,

ASA-

Try disabling isakmp keepalive-

isakmp keepalive [threshold seconds] [retry seconds] [disable]

also

hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none



thanks
ajay