Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13914
Views
0
Helpful
1
Replies

How to keep VPN tunnel permanently alive CISCO ASA

mawallace
Level 1
Level 1

‎02-08-2010 03:28 AM

I know it is a simple command, but I have forgotten!

How do keep a VPN tunnel permanently up? At the moment the tunnel closes after the period of 8 hours until remote site needs to access head office. This means head office has to ask someone to log in to initiate access (We cannot make the tunnel bi-directional which would be the easy answer!)

1 person had this problem
Labels:
0 Helpful
1 Reply 1

timothybward
Level 1
Level 1

‎02-08-2010 04:00 AM

Hey there,

I think you'll want to set the isakmp lifetime to 0 per : http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution06

Specify the SA lifetime. This examples sets a lifetime of 4 hours (14400 seconds). The default is 86400 seconds (24 hours).

PIX/ASA

hostname(config)#isakmp policy 2 lifetime  14400

IOS Router

R2(config)#crypto isakmp policy 10
R2(config-isakmp)#lifetime 86400

If the maximum configured lifetime is exceeded, you receive this error message when the VPN connection is terminated:

Secure VPN Connection terminated locally by the Client. Reason 426: Maximum Configured Lifetime Exceeded.

In order to resolve this error message, set the lifetime value to 0 in order to set the lifetime of an IKE security association to infinity. The VPN will always be connection and will not terminate.

hostname(config)#isakmp policy 2 lifetime 0

Good luck!

Tim

0 Helpful
Customers Also Viewed These Support Documents