VPN Timeout

Answered Question
Jul 2nd, 2008

My VPN seems to fail after 7pm when everyone in the office has gone home, but in the mornings when they come in the VPN connects and starts working again!

Is there a way to keep the connection alive between the 2 sites?

ggilbert Wed, 07/02/2008 - 07:38

Hello,

If you could answer a couple of questions for me, I will be able to help you out.

What are the two end devices? Routers or ASA?

You can enable keepalives between the two routers or ASA and you should be able to keep the tunnel up.

- Gilbert

Correct Answer
ggilbert Wed, 07/02/2008 - 08:24

isakmp keepalive 10 4

You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.

Rate this post, if it helps.

ggilbert Wed, 07/02/2008 - 08:31

Yes - If you want the tunnel to be alive and active even when there is no activity.

Gilbert

Danny Guillory Jr Wed, 07/02/2008 - 08:37

I just added that line to my 506 and 1 of the 501's that the VPN is down on right now!

And it hasn't come back up yet! I can do a reload on the 501 but not the 506!

ggilbert Wed, 07/02/2008 - 09:12

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1027312

The keepalive interval can be between 10 and 3600 seconds. The retry interval can be between 2 and 10 seconds, with the default being 2 seconds. The retry interval is the interval between retries after a keepalive response has not been received. You can specify the keepalive interval without specifying the retry interval, but cannot specify the retry interval without specifying the keepalive interval.
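
An added example, not part of the original thread and not Cisco code: a small Python check that reads each tunnel peer's configuration text, finds the `isakmp keepalive` line, and validates it against the ranges quoted above. The device names and config fragments are constructed for illustration.

```python
import re

# Limits as quoted in the post above from the PIX 6.3 command reference.
INTERVAL_MIN, INTERVAL_MAX = 10, 3600   # keepalive interval, seconds
RETRY_MIN, RETRY_MAX = 2, 10            # retry interval, seconds
DEFAULT_RETRY = 2                       # used when only the interval is given

KEEPALIVE_RE = re.compile(r"^\s*isakmp\s+keepalive\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_keepalive(config_text):
    """Return (interval, retry, problems) for one device's config text."""
    match = None
    for line in config_text.splitlines():
        match = KEEPALIVE_RE.match(line)
        if match:
            break
    if match is None:
        return None, None, ["no 'isakmp keepalive' line found"]
    interval_s, retry_s = match.groups()
    if not interval_s.isdecimal() or (retry_s and not retry_s.isdecimal()):
        return None, None, ["non-numeric value: " + match.group(0).strip()]
    interval = int(interval_s)
    retry = int(retry_s) if retry_s else DEFAULT_RETRY
    problems = []
    if not INTERVAL_MIN <= interval <= INTERVAL_MAX:
        problems.append(f"interval {interval}s outside {INTERVAL_MIN}-{INTERVAL_MAX}s")
    if not RETRY_MIN <= retry <= RETRY_MAX:
        problems.append(f"retry {retry}s outside {RETRY_MIN}-{RETRY_MAX}s")
    return interval, retry, problems

def audit_sites(configs):
    """Map device name -> list of problems; every tunnel peer should be clean."""
    return {name: audit_keepalive(text)[2] for name, text in configs.items()}

# Constructed sample fragments (hypothetical device names, not from the thread).
SAMPLE_CONFIGS = {
    "pix506-hq": "isakmp enable outside\nisakmp keepalive 10 4\n",
    "pix501-a": "isakmp enable outside\nisakmp keepalive 5 4\n",
    "pix501-b": "isakmp enable outside\n",
}

if __name__ == "__main__":
    for device, problems in audit_sites(SAMPLE_CONFIGS).items():
        print(device, "OK" if not problems else "; ".join(problems))
```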

Danny Guillory Jr Thu, 07/03/2008 - 04:40

When I restart one of my PIX 501's, the VPN does not connect right away. Is there a CMD I can run that will force the VPN to connect?

ggilbert Wed, 07/09/2008 - 07:18

You got to pass traffic to the other side so that the tunnel can get established.

There is no command like "connect vpn" or so.

Gilbert
