08-02-2012 03:39 AM
Dear All,
I have ASA 5510 with 8.4 connected to ISG 1000, when traffic is passing the VPN tunnel is working fine, when the traffic stops, ASA will drop the packet but the VPN tunnel on ISG still up .
When new traffic started from ISG side, it will drop, as the tunnel is not up on ASA side.
I tried some setting on ASA like
** Keepalive
** vpn-idle-timeout none
** vpn-session-timeout none
and from ISG the keepalives and hearbeat
But no luck.
Any idea how to make the tunnel up all the times even no traffic, or when it will drop in ASA, ISG must drop it as well.
Regards,
MKD
08-02-2012 09:27 PM
Are you sure you changed the VPN idle timeout under the correct group policy?
I've configured tunnels to ISG's running ScreenOS many times without issue. Enable logging or turn on the ISAKMP debugs on the ASA and see if you can see a delete message being sent to the Juniper or a loss of contract betwen the peers
debug crypto isakmp 254
08-02-2012 11:48 PM
Yes, Im sure of that.
Version 8.2 has no problems, but I face this on 8.4 only.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide