Site-to-Site VPN - one side behind firewall

Unanswered Question
Jun 29th, 2008

Hi forum!

I have two ASA5505s and want to set up a site-to-site VPN.

I used the IPsec wizard and the VPN works so far.

The problem is the remote side, where the ASA is behind a firewall of my ISP. The incoming ports are completely closed.

Now if the idle time passes and there is no traffic on the remote side, the tunnel is disrupted.

I found a workaround by setting the idle-timeout to none. But if the tunnel is disrupted for other reasons, e.g. the ISP disconnects, I can't rebuild it from the server side.

Is there any command to send a keepalive signal or something?

a.alekseev Sun, 06/29/2008 - 07:11

tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *
 isakmp keepalive threshold 15 retry 2

gerdpleyer Sun, 06/29/2008 - 09:50

Hi! Thanks for the quick reply.

But the keepalive is standard - or isn't it?

Where should I set the keepalive - core or remote? Or both?

I think the problem is that the core ASA can't connect to the ASA behind the firewall.

