11-19-2011 12:42 AM - edited 02-21-2020 05:43 PM
Hi,
I configured an IPSec VPN tunnel between two ASA 5505 firewalls. I would like to make sure that the IPSec tunnel (hence the security association) is permanent and do not drop due to idle condition.
What should I do ?
Thank you for any help
Yves
Solved! Go to Solution.
11-19-2011 01:06 AM
Disables IKE keepalive processing, which is enabled by default.
(config)#tunnel-group 10.165.205.222 ipsec-attributes
(config-tunnel-ipsec)#isakmp keepalive disable
Configure a maximum amount of time for VPN connections with the vpn-session-timeout command in group-policy configuration mode or in username configuration mode:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-idle-timeout none
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none
Thanks
Ajay
11-19-2011 01:06 AM
Disables IKE keepalive processing, which is enabled by default.
(config)#tunnel-group 10.165.205.222 ipsec-attributes
(config-tunnel-ipsec)#isakmp keepalive disable
Configure a maximum amount of time for VPN connections with the vpn-session-timeout command in group-policy configuration mode or in username configuration mode:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-idle-timeout none
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none
Thanks
Ajay
11-19-2011 03:50 AM
Thank you so much Ajay for your precise information !
Have a nice weekend
Yves
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: