
keepalives to reestablish a dynamic to static tunnel?

ed-rucker
Level 1

Hi All,

I have a dynamic to static pix 501 to pix 501 os 6.3 configuration. I would like to use keepalives to re-establish the tunnel in case the tunnel goes down. Can this be done?

1 Accepted Solution

There's a workaround for everything. You could have the pix at the far end use a local ntp or syslog server; this traffic would bring the tunnel up as long as it was defined as interesting.

14 Replies

acomiskey
Level 10

You can use dead peer detection to ensure the tunnel doesn't go down...but I don't think that will bring it back up if it goes down.

isakmp keepalive 10

I've tried this (isakmp keepalive 10), to no avail. Thanks though.

That doesn't keep the tunnel from going down? Or are you just saying it doesn't bring it back up?

It doesn't bring it back up. I'm trying to prepare for the unavoidable power or internet outage that would bring the connection down. I would like the static location to reconnect without effort from the customer on that end. :)

There's a workaround for everything. You could have the pix at the far end use a local ntp or syslog server; this traffic would bring the tunnel up as long as it was defined as interesting.

That's a good idea. A ping will bring it up. Some type of ping utility would also work. I was just looking for a solution on the firewall.

Unfortunately, the way this has worked out, the static pix is at the remote site. That could be changed, but it would be easier to work around it.

Thanks.

Sorry, I'm kinda slow. A syslog service on the remote computer with the main office (dynamic pix) logging to the remote syslog should work. Think?

Ya, same difference. As long as the computer has data to send. I was confused before which end was dynamic. What I should have said, since your main end is dynamic, is to have your pix or a computer syslog or ntp to something at the remote site.

No reason you would have known; that would be the logical way. Thanks again :)
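The workaround discussed above (a host behind the dynamic pix sending periodic syslog traffic to the static site so the tunnel is re-initiated), as an added example that is not part of any post in this thread. The two networks, the `office-pc` hostname and the 30-second interval are constructed assumptions; the check mirrors the "defined as interesting" condition, since traffic outside the crypto ACL would never trigger the tunnel.

```python
import ipaddress
import socket
import time

# Constructed sample networks (assumptions, not from the thread): what the
# crypto ACL on the dynamic-side pix is assumed to mark as interesting.
LOCAL_NET = ipaddress.ip_network("192.168.10.0/24")   # behind the dynamic pix
REMOTE_NET = ipaddress.ip_network("192.168.20.0/24")  # behind the static pix


def is_interesting(src: str, dst: str) -> bool:
    """True if a packet src -> dst matches the assumed crypto ACL."""
    return (ipaddress.ip_address(src) in LOCAL_NET
            and ipaddress.ip_address(dst) in REMOTE_NET)


def build_heartbeat(hostname: str, seq: int) -> bytes:
    """RFC 3164-style syslog line; <134> = facility local0, severity info."""
    t = time.localtime()
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<134>{stamp} {hostname} vpn-heartbeat: seq={seq}".encode("ascii")


def send_heartbeats(src, dst, count, interval=30.0, port=514, sender=None):
    """Send `count` UDP heartbeats; return how many were handed to the network."""
    if not is_interesting(src, dst):
        raise ValueError(f"{src} -> {dst} is not interesting traffic")
    sock = None
    if sender is None:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sender = lambda data: sock.sendto(data, (dst, port))
    sent = 0
    try:
        for seq in range(count):
            try:
                sender(build_heartbeat("office-pc", seq))  # hypothetical hostname
                sent += 1
            except OSError:
                pass  # link may be down right now; the next attempt retries
            if seq + 1 < count:
                time.sleep(interval)
    finally:
        if sock is not None:
            sock.close()
    return sent


if __name__ == "__main__":
    print(send_heartbeats("192.168.10.25", "192.168.20.5", count=3, interval=1))
```

UDP needs no reply, so packets keep leaving the host while the tunnel is down, and each one gives the pix another chance to start negotiation.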

palomoj
Level 1

EasyVPN was built for this - dynamic IP remote VPN endpoints to static head end.

Why involve more points of failure to the mix when you can have the firewalls take care of the tunnel?

Just my 2 cents.

palomoj,

Not sure if it matters but in his case the head end firewall was dynamic. Would that still work?

Whichever site has the static can be configured as the EasyVPN server and the dynamic as the EasyVPN client.

Hi,

Correct me if I'm wrong, but I thought the pix 501 would not act as an easy vpn server, only a client.

You can configure 501 for server or client.