Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

VPN between ASA 5520 and ISA Server 2004


I have configured a vpn from an ASA 5520 ti an ISA Server 2004,

i have followed the instructions founded on pdf about this,

the vpn get established and traffic from/to the peers is forwarding, I could make a ping or http, or make connections to the other side (my side is where the ASA is connected) and viceversa, so there is no problem about it,

The problem is when there is no traffic to transfer, for example in nights hours, or sometimes when the users are eating the vpn does down, and when they come back, the vpn gets established again, but my users complaint to me because sometimes they "see" that there is no connection..

So my question is how, could i make the vpn permanent and that it stays up all time.

this is my configuration:

crypto ipsec ikev1 transform-set VPN_CLIENTS_TS esp-des esp-md5-hmac

crypto dynamic-map VPN_CM_D 20 set ikev1 transform-set VPN_CLIENTS_TS

crypto ipsec ikev1 transform-set VPN_STS_TS_1 esp-des esp-sha-hmac

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-DES-SHA ESP-DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800

crypto map VPN_CM 2 match address acl_list

crypto map VPN_CM 2 set pfs

crypto map VPN_CM 2 set peer Peer_IP_Address

crypto map VPN_CM 2 set ikev1 transform-set VPN_STS_TS_1

crypto map VPN_CM 65535 ipsec-isakmp dynamic VPN_CM_D

crypto map VPN_CM interface outside

crypto ikev1 enable outside

crypto ikev1 policy 2

authentication pre-share

encryption des

hash sha

group 2

lifetime 86400

tunnel-group Peer_IP_Address type ipsec-l2l

tunnel-group Peer_IP_Address ipsec-attributes

ikev1 pre-shared-key xxxxx

any sugestions?.

thanks in advance


Juan Pablo

CreatePlease to create content