Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
787
Views
0
Helpful
3
Replies

Site to Site VPN Tunnel Time-out

w-asaadmin
Level 1
Level 1

‎11-06-2007 09:32 AM - edited ‎02-21-2020 03:21 PM

The site to site vpn tunnel between the ASA 5510 and ASA 5505 loses connection after more 24 hours of inactivity. However, once I ping the inside address of the ASA 5505 from the ASA 5510 side of the tunnel, the VPN tunnel wakes and continue to work.

I have changed the Crypto isakmp policy

life time to none, but it does not help.

Please help!

Labels:
0 Helpful
3 Replies 3

1cmerchant
Level 1
Level 1

‎11-06-2007 01:51 PM

This is how the products are designed to work....once the IKE SA's time out the tunnel drops until additional interesting traffic is sent.

0 Helpful

w-asaadmin
Level 1
Level 1
In response to 1cmerchant

‎11-06-2007 02:04 PM

The problem is when the remote users return

to their office over the weekend, the vpn

tunnel is down and they are not able to

connect their computers to the HQ computers.

The VPN tunnel can be waken up by

cycling the power of the remote ASA or I ping

its inside NIC IP address from the other end

of the tunnel.

Any suggestions? Thank you!

0 Helpful

w-asaadmin
Level 1
Level 1
In response to w-asaadmin

‎11-12-2007 10:32 AM

OK, The VPN time-out problem has been found.

It was the bandwidth that causes the problem.

Once we upgraded the bandwidth, the problem had gone.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents