how to keep ipsec permanently

Hi experts.

I configured a VPN connection between a Cisco 1841 and an ASA.

I want to keep IPsec up permanently even if there are no data packets.

I put commands on the 1841 like the following:

"crypto isakmp keepalive 30 periodic"

However, the VPN is disconnected after a while if there are no data packets.

Please let me know what commands are missing.


Re: how to keep ipsec permanently

Hi,

IPsec VPN is established in two phases.

Phase 1 and phase 2, and each one has its lifetime.

If there's no data passing and the lifetime for the Security Association expires, the tunnel will be torn down.

I guess you can send some sort of keepalive through the tunnel (perhaps an ICMP packet) to keep the tunnel up even if there's no interesting traffic.

The command that you're describing is to allow DPD (Dead Peer Detection) packets, and that's for the device to know that the tunnel is down on the other end, so it can take it down and reestablish it.

Federico.
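
One way to implement the keepalive-through-the-tunnel idea from the reply above, as an added example that is not part of the original thread: an IP SLA ICMP probe on the IOS router. The addresses, interface name and ACL number are constructed placeholders, and the `ip sla` syntax assumes a recent IOS release (older releases use `ip sla monitor` with `type echo protocol ipIcmpEcho`).

```cisco
! Added example, not from the thread. All addresses, the interface name and
! the ACL number are constructed placeholders; replace them with your own.
!
! Assumed existing crypto ACL on the 1841 (defines the "interesting traffic"):
!   access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!   (local LAN 10.1.1.0/24 -> remote LAN behind the ASA 10.2.2.0/24)
!
! ICMP probe to a host behind the ASA. It is sourced from the LAN-facing
! interface so the packet matches the crypto ACL and is encrypted into the
! tunnel. A probe sourced from the outside interface would not match the
! crypto ACL and would not keep the phase 2 SA in use.
ip sla 1
 icmp-echo 10.2.2.10 source-interface FastEthernet0/1
 frequency 30
!
! Run the probe indefinitely, starting immediately.
ip sla schedule 1 life forever start-time now
!
! Verification (exec mode):
!   show ip sla statistics 1
!   show crypto isakmp sa
!   show crypto ipsec sa
```

The SAs still rekey when their lifetimes expire; the probe only ensures there is always traffic to trigger renegotiation.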


Re: how to keep ipsec permanently

Thank you for your reply.

I want to make it clear.

Do you mean I need to put some commands on both sides' equipment like the following?


for Phase 1
(config-isakmp)#lifetime 86400


for Phase 2
set security-association lifetime seconds 3600