Site to site with ASA5520 to ISA establishes but doesn't stay active


I have a tunnel established site to site, and the only way we can get it to negotiate is for the ISA site to ping the ASA site. At that point I'm able to ping his internal and vice versa, but after a few minutes of no activity the connection drops and he has to ping me again. I'm not familiar with ISA, but he says there is no keepalive setting like with Cisco. Any ideas on how to make the tunnel stay active? Thanks in advance.



Try adding the below:

tunnel-group <> ipsec-attributes

isakmp keepalive threshold infinite


I will try that, but I'm already getting messages that the peer device (ISA at remote location) doesn't support keepalives. Basically I get a syslog message that says something like this: "Keepalives are configured, but the peer device doesn't support it."

Thanks for the suggestion.

Yep - the command tells the ASA that the remote end will not initiate/support keepalives and it should do it anyway!

Command applied. For some reason, the only way I can renegotiate the tunnel is to have someone at the remote site (ISA site) ping something internal here at the local site (ASA site). I cannot ping something at the remote site to renegotiate the tunnel. Any suggestions for that?

Thanks again.

OK - did this situation exist before you entered my suggested command?

If not, remove the command.

That situation existed prior to the command, yes.

OK - post your config for review, remove sensitive information.
