Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

IPSEC Tunnels always UP

Hi all,

I've a ASA 5540 and configured a Site-to-Site VPN, but the IPSEC tunnels frequently goes down, and when I ping a remote host, the tunnels go UP.

Is there a way to keep the tunnels always UP?

Thanks

Tauer

4 REPLIES
Community Member

Re: IPSEC Tunnels always UP

You might be able to enter 0 for the idle timeout however not sure if this is possible. Why not just increase the idle timeout?

Green

Re: IPSEC Tunnels always UP

Configure isakmp keepalives on both ends...

securityappliance(config)#tunnel-group x.x.x.x ipsec-attributes

securityappliance(config-tunnel-ipsec)isakmp keepalive threshold 15 retry 10

Community Member

Re: IPSEC Tunnels always UP

ok... I'll apply.

I post the result

Thanks

Tauer

Community Member

Re: IPSEC Tunnels always UP

Enable dead peer detection with the following group level command:

isakmp keepalive

442
Views
3
Helpful
4
Replies
CreatePlease to create content