IPSEC Tunnels always UP

Unanswered Question
Apr 15th, 2009

Hi all,

I've a ASA 5540 and configured a Site-to-Site VPN, but the IPSEC tunnels frequently goes down, and when I ping a remote host, the tunnels go UP.

Is there a way to keep the tunnels always UP?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
networker99 Wed, 04/15/2009 - 09:25

You might be able to enter 0 for the idle timeout however not sure if this is possible. Why not just increase the idle timeout?

acomiskey Wed, 04/15/2009 - 09:42

Configure isakmp keepalives on both ends...

securityappliance(config)#tunnel-group x.x.x.x ipsec-attributes

securityappliance(config-tunnel-ipsec)isakmp keepalive threshold 15 retry 10

lrm001c474 Wed, 04/15/2009 - 18:00

Enable dead peer detection with the following group level command:

isakmp keepalive


This Discussion