Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1675
Views
0
Helpful
2
Replies

VPN to Juniper ISG 1000

mkdccie
Level 1
Level 1

‎08-02-2012 03:39 AM

Dear All,

I have ASA 5510 with 8.4 connected to ISG 1000, when traffic is passing the VPN tunnel is working fine, when the traffic stops, ASA will drop the packet but the VPN tunnel on ISG still up .

When new traffic started from ISG side, it will drop, as the tunnel is not up on ASA side.

I tried some setting on ASA like

** Keepalive

** vpn-idle-timeout none

** vpn-session-timeout none

and from ISG the keepalives and hearbeat

But no luck.

Any idea how to make the tunnel up all the times even no traffic, or when it will drop in ASA, ISG must drop it as well.

Regards,

MKD

Labels:
0 Helpful
2 Replies 2

Patrick0711
Level 3
Level 3

‎08-02-2012 09:27 PM

Are you sure you changed the VPN idle timeout under the correct group policy? 

I've configured tunnels to ISG's running ScreenOS many times without issue.  Enable logging or turn on the ISAKMP debugs on the ASA and see if you can see a delete message being sent to the Juniper or a loss of contract betwen the peers

debug crypto isakmp 254

0 Helpful

mkdccie
Level 1
Level 1
In response to Patrick0711

‎08-02-2012 11:48 PM

Yes, Im sure of that.

Version 8.2 has no problems, but I face this on 8.4 only.

0 Helpful
Customers Also Viewed These Support Documents