Cisco Support Community

New Member

501 site-to-site vpn tunnel timeout

What is the maximum session timeout that you can configure on a site-to-site VPN tunnel using 2 PIX 501s? 24 hours?

Thanks for any help, also, if you have documentation (I have looked but with no luck) could you post a link please....

Thanks,

3 REPLIES
Cisco Employee

Re: 501 site-to-site vpn tunnel timeout

There's no timeout setting as such. You can set up ISAKMP and IPSEC lifetimes though.

For Phase 1, default is 24 hrs and "0" means infinite.

isakmp policy 1 lifetime 0

For Phase 2, default is 28800 seconds.

crypto map mymap 10 set security-association lifetime seconds 28800

Here's the doc:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1027585

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#wp1034654

*Please rate if helped.

-Kanishka

New Member

Re: 501 site-to-site vpn tunnel timeout

I have a similar setup but with the PIX 506. When I come in the morning I can see the tunnels are not up. We have DSL connections between the locations but once I initiate "interesting traffic" the tunnels come up with no issue.

Let me see if I can find a link to something that will help.

Green

Re: 501 site-to-site vpn tunnel timeout

If you want them to stay up, look into dead peer detection.

isakmp keepalive
