Easy VPN client (ASA5505) and IKE keepalive problem
My problem is I am using an ASA5505 (7.2.4 SW) as an easy VPN client. I want to set the IKE keepalive to 20 seconds with a 2 times retry. I have to set this in the tunnel group IPsec attributes section of the Easy VPN server (also ASA5505 with 7.2.4 SW)
tunnel-group TEST1 type ipsec-ra
tunnel-group TEST1 general-attributes
tunnel-group TEST1 ipsec-attributes
isakmp keepalive threshold 20 retry 2
when the client connects and I do a "show vpnclient detail" command I see
crypto isakmp nat-traversal 20
tunnel-group 184.108.40.206 type ipsec-ra
tunnel-group 220.127.116.11 ipsec-attributes
isakmp keepalive threshold 90 retry 5
having been learned from the Easy VPN server. Any ideas how I can reduce this on the client as 90 secs with a 5 times retry is way too long.
ASA Site-to-Site VPN using IKEV1 Configuration Example
Configure a Site-to-Site IPSec IKEv1 Tunnel Between an ASA and a Cisco IOS Router
Site-to-Site IKEv2 Tunnel between ASA and Router Configuration Examples
Site-to-Site VPN Tunnel wit...
Dear Community, So, according to the Cisco ISE Release 2.7 Administrator Guide, it should be possible to use a remote lock/wipe on MDM-devices that connect through ISE on the network( see the screenshot in the attachment).The problem is that th...
Hi, We currently have 2 Cisco 5525X ASA's in active/standby state. We have 750 concurrent Anyconnect licenses with the below licenses:AC-PLSM-5YR-500-S & AC-PLSM-5YR-250-S. (These are expiring soon) I have asked to get these renewed by our l...
Hi Everyone, Does anyone know if it is possible create a NAT for Cisco Anyconnect to a different IP so that the user doesn't have to use the External IP? We want to use a different dns name and assign to a different set group of users. Thank you...
"Choose one of the topics below to help you on your journey with NGFW/ASA"
Getting Started with Next-Genera...