How to keep VPN tunnel permanently alive CISCO ASA

Unanswered Question
Feb 8th, 2010

I know it is a simple command, but I have forgotten!

How do I keep a VPN tunnel permanently up? At the moment the tunnel closes after a period of 8 hours until the remote site needs to access head office. This means head office has to ask someone to log in to initiate access. (We cannot make the tunnel bi-directional, which would be the easy answer!)

timothybward Mon, 02/08/2010 - 04:00

Hey there,

I think you'll want to set the isakmp lifetime to 0 per: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution06

Specify the SA lifetime. This example sets a lifetime of 4 hours (14400 seconds). The default is 86400 seconds (24 hours).

PIX/ASA

hostname(config)#isakmp policy 2 lifetime 14400

IOS Router

R2(config)#crypto isakmp policy 10
R2(config-isakmp)#lifetime 86400

If the maximum configured lifetime is exceeded, you receive this error message when the VPN connection is terminated:

Secure VPN Connection terminated locally by the Client. Reason 426: Maximum Configured Lifetime Exceeded.

In order to resolve this error message, set the lifetime value to 0 in order to set the lifetime of an IKE security association to infinity. The VPN will always be connected and will not terminate.

hostname(config)#isakmp policy 2 lifetime 0

Good luck!

Tim
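
An added example, not part of the post above or of Cisco's tech note: a small Python audit that reads a saved configuration and reports each ISAKMP policy's effective lifetime, so policies set to lifetime 0 (an IKE SA that never expires) stand out in a config review. The sample config is constructed, and the parser assumes only the two syntaxes shown above plus the one-line "crypto isakmp policy N ..." spelling.

```python
import re

DEFAULT_LIFETIME = 86400  # default stated in the quoted tech note (24 hours)

# Constructed sample: ASA one-line form and IOS block form, as in the answer above.
SAMPLE_CONFIG = """\
isakmp policy 2 authentication pre-share
isakmp policy 2 lifetime 0
isakmp policy 5 lifetime 14400
crypto isakmp policy 10
 encr aes
 lifetime 86400
crypto isakmp policy 20
 encr aes
!
"""

ASA_LINE = re.compile(r"^(?:crypto )?isakmp policy (\d+)(?: (.*))?$")
LIFETIME = re.compile(r"^lifetime (\d+)$")

def ike_lifetimes(config_text):
    """Return {policy_number: lifetime_seconds}; unset policies get the default."""
    lifetimes = {}
    current = None  # policy whose IOS-style sub-block we are inside
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ASA_LINE.match(line)
        if m:
            policy, rest = int(m.group(1)), m.group(2)
            lifetimes.setdefault(policy, DEFAULT_LIFETIME)
            current = policy if rest is None else None
            life = LIFETIME.match(rest or "")
            if life:
                lifetimes[policy] = int(life.group(1))
        elif current is not None and raw.startswith(" "):
            life = LIFETIME.match(line)
            if life:
                lifetimes[current] = int(life.group(1))
        else:
            current = None
    return lifetimes

def never_expiring(config_text):
    """Policies with lifetime 0, i.e. an IKE SA lifetime of infinity per the tech note."""
    return sorted(p for p, s in ike_lifetimes(config_text).items() if s == 0)

if __name__ == "__main__":
    for policy, seconds in sorted(ike_lifetimes(SAMPLE_CONFIG).items()):
        print(policy, "infinite" if seconds == 0 else f"{seconds}s")
```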
