I have configured a remote site as an EasyVPN client...a 5505. At the headend I have a pair of routers running HSRP with a pair of ASA 5510's behind them.
When I pull the plug on one of the HSRP routers is takes about 60 seconds for the remote site to come up on the second VPN server IP, which is actually a second ISP's address NAT'd to the same 5510's that it was already up on before I failed the router....but was using an address from the first ISP.
Anyway, it also takes 60 seconds to fail back. 60 seconds is really too long in today's world. How can I make it failover a bit quicker? What is determining the 60 seconds...it's very consistent which suggests a parameter somewhere.
I messed with ISAKMP keepalives with no success so far.