Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
980
Views
0
Helpful
3
Replies

ASA to ASA - IPSEC LAN-To-LAN VPN - Telnet sessions die

smunzani
Level 1
Level 1

‎05-09-2011 09:38 AM - edited ‎02-21-2020 05:19 PM

Hi,

I have observed that after a few minutes of idle time(no  key strokes) the telnet sessions drop for my lan-to-lan tunnel between an ASA5505 and ASA5510. Since telnet doesn't have keepalive function, is there any cisco option for lan to lan VPN keeplive that I can leverage? An alternative here is make changes to IPSEC timeout values but that's not a good thing to do. I disabled PFS just in case that's causing the session to drop but that didn't help.

Thanks,

Sam

Labels:
0 Helpful
3 Replies 3

Roman Rodichev
Level 7
Level 7

‎05-09-2011 10:10 AM

Disable DPD under tunnel-group (isakmp keepalive disable)

0 Helpful

smunzani
Level 1
Level 1
In response to Roman Rodichev

‎05-09-2011 01:01 PM

I just changed it. I will know how it goes in a few.

So PFS has nothing to do with this and I can potentially enable PFS?

Thanks,

Sam

0 Helpful

Roman Rodichev
Level 7
Level 7
In response to smunzani

‎05-09-2011 01:31 PM

PFS makes IPSEC SA keys more secure, and shouldn't cause what you are experiencing

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents