08-01-2014 05:32 AM
Hi,
We have a Cisco ASA 5525 running IOS ver 9.1.3. The s2s VPN is working fine; we want to keep the tunnel up for lifetime.
Can anybody let us know the possible config changes?
Thanks
08-01-2014 05:44 AM
Hi,
I would imagine that you would have to create a "group-policy" that you would attach to the "tunnel-group" of your L2L VPN.
In the "group-policy <gp name> attributes" you can use the below commands
vpn-idle-timeout none
vpn-session-timeout none
You could perhaps try using those in your configuration and see if it helps.
- Jouni
08-01-2014 06:36 AM
Hi Jouni,
Thanks for the valued info, I will let you know the result.
Thanks,
08-01-2014 06:57 AM
Hi Jouni,
I tried the same but no success. Any other way?
08-01-2014 08:15 AM
Hi,
Did you clear the VPN connection from the ASA if it was active while you did the changes?
The changes are not applied if the VPN connection is up/active when doing the changes. This probably does not apply to all changes but with regards to "group-policy" changes I think they are not applied until the connection is formed again.
Naturally it would be good to see the L2L VPN configurations related to this connection.
Also I am not sure why the connection has to be up all the time. This should be true if there is constant traffic through the L2L VPN connection. Naturally every now and then you will have renegotiation of the SAs.
Just from the top of my head I was just today looking at one customer L2L VPN Connection which had been up for 73d straight and it does not contain any non default settings when it comes to "group-policy" settings.
- Jouni
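
The steps suggested in this thread, put together as an added example (not configuration posted by either participant): a group-policy carrying the two timeout commands, attached to the L2L tunnel-group, followed by a reset of the session so the policy is read when the tunnel re-forms. The policy name GP-L2L-EXAMPLE and the peer address 203.0.113.10 are placeholders, and the tunnel-group for the peer is assumed to exist already.

```cisco
! Placeholder names: GP-L2L-EXAMPLE (policy), 203.0.113.10 (remote peer / tunnel-group name)

! 1. Group-policy holding the timeout settings from the thread
group-policy GP-L2L-EXAMPLE internal
group-policy GP-L2L-EXAMPLE attributes
 vpn-idle-timeout none
 vpn-session-timeout none

! 2. Attach the policy to the existing L2L tunnel-group
tunnel-group 203.0.113.10 general-attributes
 default-group-policy GP-L2L-EXAMPLE

! 3. Tear down the active session; the policy is only applied
!    when the connection is formed again
vpn-sessiondb logoff tunnel-group 203.0.113.10

! 4. After traffic has rebuilt the tunnel, check the session details
show vpn-sessiondb detail l2l
```

The timeouts govern the VPN session only; the IKE and IPsec SAs still renegotiate when their own lifetimes expire, as noted above.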