07-02-2008 07:35 AM - edited 02-21-2020 03:47 PM
my vpn seems to fail after 7pm when everyone in the office has gone home but in the mornings when they come in the vpn connects and starts working again!
is there a way to keep the connection alove between the 2 sites!
Solved! Go to Solution.
07-02-2008 08:24 AM
isakmp keepalive 10 4
You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.
Rate this post, if it helps.
07-02-2008 07:38 AM
Hello,
If you could answer me couple of questions, I will be able to help you out.
What are the two end devices? Routers or ASA?
You can enable keepalives between the two routers or ASA and you should be able to keep the tunnel up.
- Gilbert
07-02-2008 07:51 AM
my remote sites have pix 501' and the main location that that all vpn to has a pix 506e!
07-02-2008 08:24 AM
isakmp keepalive 10 4
You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.
Rate this post, if it helps.
07-02-2008 08:29 AM
ok i am understanding tat this shoule be put in all my 501'a and my 506!
correct?
07-02-2008 08:31 AM
Yes - If you want the tunnel to be alive and active even when there is no activity.
Gilbert
07-02-2008 08:36 AM
what does the "10 4"
i assume 10 is seconds
i have no idea what 4 is?
07-02-2008 08:37 AM
i just added that line to my 506 and 1 of the 501's that the vpn is down on right now!
and it hasn't come back up yet! i can do a reload on the 501 but not the 506!
07-02-2008 09:12 AM
http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1027312
The keepalive interval can be between 10 and 3600 seconds. The retry interval can be between 2 and 10 seconds, with the default being 2 seconds. The retry interval is the interval between retries after a keepalive response has not been received. You can specify the keepalive interval without specifying the retry interval, but cannot specify the retry interval without specifying the keepalive interval.
07-03-2008 04:40 AM
when i restart one of my pix501's the vpn does not connect right away is there a CMD i can run that will force the vpn to connect?
07-09-2008 07:18 AM
You got to pass traffic to the other side so that the tunnel can get established.
There is no command like "connect vpn" or so.
Gilbert
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: