ASA 5510 TO IOS ROUTER VPN CONNECTION LOST

Unanswered Question

We have ASA 5510 8.2(1) and IOS 1841 12.4(15)T1 configured at the ASA with a fixed Internet address and at the 1841 a Static/Dynamic Address. VPN IKE/IPsec tunnel works fine, but to cross traffic sessiones must be present such as ping or any other service so IPSec generete the SA. Rekey is set to 3600 secs, rekey data to 4608000, Idle time-out 30 min

To avoid having to set a dummy traffic between both local/remote nets such as NTP or SNMP, how is possible to enable longer SA?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Collin Clark Fri, 09/18/2009 - 13:14

Try enabling ISAKMP keepalives. It's on by default on the ASA, but you need to add it on the router.

crypto isakmp keepalive 15 15

Hope it helps.

Actions

This Discussion