Easy VPN client (ASA5505) and IKE keepalive problem

Unanswered Question
Jan 29th, 2009

Dear all.

My problem is I am using an ASA5505 (7.2.4 SW) as an easy VPN client. I want to set the IKE keepalive to 20 seconds with a 2 times retry. I have to set this in the tunnel group IPsec attributes section of the Easy VPN server (also ASA5505 with 7.2.4 SW)

tunnel-group TEST1 type ipsec-ra

tunnel-group TEST1 general-attributes

default-group-policy myGROUP

tunnel-group TEST1 ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 20 retry 2


when the client connects and I do a "show vpnclient detail" command I see

crypto isakmp nat-traversal 20

tunnel-group type ipsec-ra

tunnel-group ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 90 retry 5

having been learned from the Easy VPN server. Any ideas how I can reduce this on the client as 90 secs with a 5 times retry is way too long.


John Keane

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion