cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
844
Views
0
Helpful
10
Replies

VPN Timeout

my vpn seems to fail after 7pm when everyone in the office has gone home but in the mornings when they come in the vpn connects and starts working again!

is there a way to keep the connection alove between the 2 sites!

1 Accepted Solution

Accepted Solutions

isakmp keepalive 10 4

You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.

Rate this post, if it helps.

View solution in original post

10 Replies 10

ggilbert
Cisco Employee
Cisco Employee

Hello,

If you could answer me couple of questions, I will be able to help you out.

What are the two end devices? Routers or ASA?

You can enable keepalives between the two routers or ASA and you should be able to keep the tunnel up.

- Gilbert

my remote sites have pix 501' and the main location that that all vpn to has a pix 506e!

isakmp keepalive 10 4

You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.

Rate this post, if it helps.

ok i am understanding tat this shoule be put in all my 501'a and my 506!

correct?

Yes - If you want the tunnel to be alive and active even when there is no activity.

Gilbert

what does the "10 4"

i assume 10 is seconds

i have no idea what 4 is?

i just added that line to my 506 and 1 of the 501's that the vpn is down on right now!

and it hasn't come back up yet! i can do a reload on the 501 but not the 506!

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1027312

The keepalive interval can be between 10 and 3600 seconds. The retry interval can be between 2 and 10 seconds, with the default being 2 seconds. The retry interval is the interval between retries after a keepalive response has not been received. You can specify the keepalive interval without specifying the retry interval, but cannot specify the retry interval without specifying the keepalive interval.

when i restart one of my pix501's the vpn does not connect right away is there a CMD i can run that will force the vpn to connect?

You got to pass traffic to the other side so that the tunnel can get established.

There is no command like "connect vpn" or so.

Gilbert

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: