06-26-2012 03:04 AM
Help please!!
I set up a site-to-site VPN between a C2921 (Site A) and an ASA 5510 (Site B). I am having problems with the SA being deleted:
1: I can always initiate the VPN connection from Site B to Site A.
2: After the VPN tunnel is up and idle for a while, the SA is dropped and I lose the VPN connection from Site A to Site B.
3: To get the connection back, I have to ping Site A from Site B.
4: When the connection is established, it works fine!
What did I miss? Thanks.
06-26-2012 06:01 AM
Do you have the isakmp keepalive configured?
Is site B outside interface IP address dynamic? If it's dynamic, then you can only initiate the VPN from site B, if it's static, then you should be able to initiate the VPN from both ends.
06-26-2012 08:30 AM
Site B outside Interface IP is static.
No, I don't have isakmp keepalive configured.
My problem now is that I can only initiate the VPN from Site B; once the connection is established, I can access Site B from Site A with no problem.
06-26-2012 06:10 PM
This issue is now resolved. A Cisco rep helped to point out that I set PFS on Site B, but not on Site A. Everything worked as expected as soon as we took off the statement that sets PFS.
Thanks.
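The PFS mismatch that resolved this thread can be caught by comparing the crypto map entries on both peers. The following is an added example, not code or configuration from the posters: the two config snippets, map names, addresses, ACL names and the `group2` value are constructed, and the helper names are hypothetical.

```python
import re

# Constructed sample configs (not from the thread); all names/addresses are placeholders.
IOS_SITE_A = """\
crypto map VPNMAP 10 ipsec-isakmp
 set peer 203.0.113.2
 set transform-set TS
 match address 101
"""

ASA_SITE_B = """\
crypto map outside_map 10 match address vpn_acl
crypto map outside_map 10 set peer 198.51.100.1
crypto map outside_map 10 set pfs group2
"""

def ios_pfs(config):
    """IOS-style indented blocks -> {(map, seq): pfs}; None = no PFS, 'default' = no group given."""
    result, current = {}, None
    for line in config.splitlines():
        head = re.match(r"crypto map (\S+) (\d+) ipsec-isakmp", line)
        if head:
            current = (head.group(1), int(head.group(2)))
            result[current] = None
        elif line.startswith(" ") and current:
            m = re.match(r"\s+set pfs(?: (\S+))?\s*$", line)
            if m:
                result[current] = m.group(1) or "default"
        else:
            current = None  # left the crypto map block
    return result

def asa_pfs(config):
    """ASA-style one-line entries -> {(map, seq): pfs}, same value convention as ios_pfs."""
    result = {}
    for m in re.finditer(r"^crypto map (\S+) (\d+) (.+)$", config, re.M):
        key = (m.group(1), int(m.group(2)))
        pfs = re.match(r"set pfs(?: (\S+))?\s*$", m.group(3))
        result[key] = (pfs.group(1) or "default") if pfs else result.get(key)
    return result

def check(ios_cfg, ios_key, asa_cfg, asa_key):
    """Return (ios_pfs, asa_pfs, mismatch) for the two ends of one tunnel."""
    a, b = ios_pfs(ios_cfg).get(ios_key), asa_pfs(asa_cfg).get(asa_key)
    return a, b, a != b

print(check(IOS_SITE_A, ("VPNMAP", 10), ASA_SITE_B, ("outside_map", 10)))
```

A result of `'default'` on one side means the group was omitted in the config; confirm the platform default before treating it as equal to an explicit group on the peer.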