Site to Site VPN Tunnel Time-out

Unanswered Question
Nov 6th, 2007
User Badges:

The site to site vpn tunnel between the ASA 5510 and ASA 5505 loses connection after more 24 hours of inactivity. However, once I ping the inside address of the ASA 5505 from the ASA 5510 side of the tunnel, the VPN tunnel wakes and continue to work.

I have changed the Crypto isakmp policy

life time to none, but it does not help.

Please help!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
1cmerchant Tue, 11/06/2007 - 13:51
User Badges:

This is how the products are designed to work....once the IKE SA's time out the tunnel drops until additional interesting traffic is sent.

w-asaadmin Tue, 11/06/2007 - 14:04
User Badges:

The problem is when the remote users return

to their office over the weekend, the vpn

tunnel is down and they are not able to

connect their computers to the HQ computers.

The VPN tunnel can be waken up by

cycling the power of the remote ASA or I ping

its inside NIC IP address from the other end

of the tunnel.

Any suggestions? Thank you!

w-asaadmin Mon, 11/12/2007 - 10:32
User Badges:

OK, The VPN time-out problem has been found.

It was the bandwidth that causes the problem.

Once we upgraded the bandwidth, the problem had gone.


This Discussion