Comprar ou Renovar
Comprar ou Renovar
cancelar
Activar sugestões
A sugestão automática ajuda-o a especificar os resultados de pesquisa sugerindo-lhe correspondências enquanto escreve.
Mostrar resultados para 
Pesquisar em vez de 
Queria dizer: 
cancel
Iniciar uma conversa
1391
Apresentações
0
Útil
2
Respostas

how to keep ipsec permanently

moonviewingjp
Level 1
Level 1

‎11-24-2010 11:15 AM - editado ‎02-21-2020 04:59 PM

Hi experts.

I configured vpn connection between cisco1841 and ASA.

I want to keep ipsec permanently even if no data packets,

I put commands on 1841 like following.

'crypto isakmp keepalive 30 periodic"

However vpn is disconnected  after a while if no data packets.

Please let me know what commands are missing.

Rótulos:
0 Útil
2 RESPOSTAS 2

Federico Coto Fajardo
VIP Alumni
VIP Alumni

em ‎11-24-2010 11:20 AM

Hi,

IPsec VPN is established in two phases.

Phase 1 and phase 2 and each one has its lifetimes.

If there's no data passing and the lifetime for the Security Association expires, the tunnel will be torn down.

I guess you can send some sort of keepalive through the tunnel (perhaps an ICMP packet) to keep the tunnel up even if there's no interesting traffic.

The command that you're describing it to allow DPD (Dead Peer Detection) packets and that's for the device to know that the tunnel is down on the other end, so it can take it down and reestablish it.

Federico.

0 Útil

moonviewingjp
Level 1
Level 1
Em resposta a Federico Coto Fajardo

em ‎11-25-2010 02:23 AM

Thank you for your reply.

I want to make it clear,

Do you mean I need to put some commands on both sides equipments like following?


for Phase 1
(config-isakmp)#lifetime 86400


for Phase 2
set security-association lifetime seconds 3600

0 Útil
Customers Also Viewed These Support Documents