Disabling isakmp keepalives

krun_shah
Level 1

Is this called a command line inconsistency or a documentation error? I am trying to disable isakmp keepalive by referring to the following document.

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/vpn_groups.html#wp1049862

Look at step #6, where they tell the reader how to disable keepalive:

"IKE keepalives are enabled by default. To disable IKE keepalives, enter the no form of the isakmp command:"

ASA1# sh run all tunnel-group <PEER-IP>
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> general-attributes
no accounting-server-group
default-group-policy ipsec-SDM
tunnel-group <PEER-IP> ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication

ASA1# config t
ASA1(config)# tunnel-group <PEER-IP> ipsec-attributes
ASA1(config-tunnel-ipsec)# no isakmp keepalive threshold 10 retry 2
ASA1(config-tunnel-ipsec)# end

ASA1# sh run all tunnel-group <PEER-IP>
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> general-attributes
no accounting-server-group
default-group-policy ipsec-SDM
tunnel-group <PEER-IP> ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication

ASA1# config t
ASA1(config)# tunnel-group <PEER-IP> ipsec-attributes
ASA1(config-tunnel-ipsec)# no isa
ASA1(config-tunnel-ipsec)# no isakmp kee
ASA1(config-tunnel-ipsec)# no isakmp keepalive ?

tunnel-group-ipsec mode commands/options:
  disable    Disable IKE keepalives
  retry      Enter the interval between retries after a keepalive response has
             not been received.
  threshold  Enter the number of seconds that the peer is allowed to idle
             before beginning keepalive monitoring
  <cr>

ASA1(config-tunnel-ipsec)# no isakmp keepalive
ASA1(config-tunnel-ipsec)# end

ASA1# sh run all tunnel-group <PEER-IP>
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> general-attributes
no accounting-server-group
default-group-policy ipsec-SDM
tunnel-group <PEER-IP> ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication

ASA1# sh run tunn
ASA1# sh run tunnel-group <PEER-IP>
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> general-attributes
default-group-policy ipsec-SDM
tunnel-group <PEER-IP> ipsec-attributes
ikev1 pre-shared-key *****

ASA1# config t
ASA1(config)# tunnel-group <PEER-IP> ipsec-attributes
ASA1(config-tunnel-ipsec)# no isa
ASA1(config-tunnel-ipsec)# no isakmp kee
ASA1(config-tunnel-ipsec)# no isakmp keepalive ?

tunnel-group-ipsec mode commands/options:
  disable    Disable IKE keepalives
  retry      Enter the interval between retries after a keepalive response has
             not been received.
  threshold  Enter the number of seconds that the peer is allowed to idle
             before beginning keepalive monitoring
  <cr>

ASA1(config-tunnel-ipsec)# isa
ASA1(config-tunnel-ipsec)# isakmp kee
ASA1(config-tunnel-ipsec)# isakmp keepalive dis
ASA1(config-tunnel-ipsec)# isakmp keepalive disable
ASA1(config-tunnel-ipsec)# end

ASA1# sh run tunn
ASA1# sh run tunnel-group <PEER-IP>
tunnel-group <PEER-IP> type ipsec-l2l
tunnel-group <PEER-IP> general-attributes
default-group-policy ipsec-SDM
tunnel-group <PEER-IP> ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
ASA1#
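The session above shows that `no isakmp keepalive ...` leaves `isakmp keepalive threshold 10 retry 2` in the running config, while `isakmp keepalive disable` is what actually turns IKE keepalives (DPD) off. The following is an added example, not code from the original post or from Cisco: a small Python audit that parses pasted `show run all tunnel-group` text and reports, per tunnel-group, whether keepalives are still active, so a change like the one in the thread can be verified after the fact. The sample configuration inside it is constructed from the thread's output with placeholder peer addresses; the rule that a tunnel-group with no `isakmp keepalive` line is treated as enabled-by-default is an assumption based on the post's `sh run` (without `all`) omitting the line when it holds the default value.

```python
"""Audit ASA tunnel-group ipsec-attributes for IKE keepalive (DPD) state.

Added example, not part of the original thread or Cisco's own tooling.
Parses the text of `show run all tunnel-group` and reports for every
tunnel-group whether IKE keepalives are enabled (with threshold/retry)
or disabled via `isakmp keepalive disable`.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample based on the thread: the first tunnel-group still has
# the default keepalive line after `no isakmp keepalive`, the second was
# fixed with `isakmp keepalive disable`. Peer addresses are placeholders.
SAMPLE_SHOW_RUN_ALL = """\
tunnel-group 198.51.100.1 type ipsec-l2l
tunnel-group 198.51.100.1 general-attributes
 no accounting-server-group
 default-group-policy ipsec-SDM
tunnel-group 198.51.100.1 ipsec-attributes
 ikev1 pre-shared-key *****
 peer-id-validate req
 no chain
 no ikev1 trust-point
 isakmp keepalive threshold 10 retry 2
 no ikev2 remote-authentication
 no ikev2 local-authentication
tunnel-group 203.0.113.7 type ipsec-l2l
tunnel-group 203.0.113.7 ipsec-attributes
 ikev1 pre-shared-key *****
 isakmp keepalive disable
"""


@dataclass
class KeepaliveState:
    tunnel_group: str
    enabled: bool = True          # assumption: absent line == default (enabled)
    threshold: Optional[int] = None
    retry: Optional[int] = None
    explicit: bool = False        # True when an `isakmp keepalive` line was seen


TG_RE = re.compile(r"^tunnel-group\s+(\S+)\s+(type|general-attributes|ipsec-attributes)")
KA_DISABLE_RE = re.compile(r"^\s*isakmp keepalive disable\s*$")
KA_RE = re.compile(r"^\s*isakmp keepalive(?:\s+threshold\s+(\d+))?(?:\s+retry\s+(\d+))?\s*$")


def parse_keepalive_state(show_run: str) -> Dict[str, KeepaliveState]:
    """Map tunnel-group name -> KeepaliveState, reading only ipsec-attributes."""
    states: Dict[str, KeepaliveState] = {}
    current: Optional[str] = None
    section: Optional[str] = None
    for raw in show_run.splitlines():
        line = raw.rstrip()
        m = TG_RE.match(line)
        if m:
            # New tunnel-group header line: remember which sub-mode we are in.
            current, section = m.group(1), m.group(2)
            states.setdefault(current, KeepaliveState(tunnel_group=current))
            continue
        if current is None or section != "ipsec-attributes":
            continue
        st = states[current]
        if KA_DISABLE_RE.match(line):
            st.enabled, st.explicit = False, True
            st.threshold = st.retry = None
            continue
        m = KA_RE.match(line)
        if m:
            st.enabled, st.explicit = True, True
            st.threshold = int(m.group(1)) if m.group(1) else None
            st.retry = int(m.group(2)) if m.group(2) else None
    return states


def groups_with_keepalive_enabled(show_run: str) -> List[str]:
    """Names of tunnel-groups where IKE keepalives would still be sent."""
    return sorted(n for n, s in parse_keepalive_state(show_run).items() if s.enabled)


if __name__ == "__main__":
    for name, st in parse_keepalive_state(SAMPLE_SHOW_RUN_ALL).items():
        if st.enabled:
            print(f"{name}: keepalive ENABLED threshold={st.threshold} retry={st.retry}")
        else:
            print(f"{name}: keepalive disabled")
```

Run it against the saved output of `show run all tunnel-group` rather than plain `show run`: as the thread shows, the default keepalive line only appears with `all`, and the parser treats a missing line as "enabled at defaults".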

2 Replies

Richard Burts
Hall of Fame

I do not think it is command line inconsistency. It is clearly documentation error. It should be reported to the Cisco team in charge of that documentation so that they can fix it.

HTH

Rick


It is a documentation error. Reported to TAC. You may find the details in the above link after 48 hours.

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCub76978
