I have configured L2L vpn between ASA5520 and PIX525.The probelm is whenever I try to ping from my end i.e ASA5520,at that time only tunnel is established but after 30min automatically its get down.we are unable to ping peer ip address and inside host from both end.I ASDM it's showing 0 Rx packet.what might be the issue. pls help me in this regard.
Check two things, Security-association lifetime setings and isak policy lifetime must much at both ends.
crypto map outside_map 10 set security-association lifetime seconds kilobytes
crypto map outside_map interface outside
where x is seconds and y kilobytes , default sa lifetime is 86400 seconds or 24 hours
also check isakmp policy lifetime e.g
isakmp policy 10 lifetime xxxx , see Verify isakmp lifetime , default is 24 hours or 86400 seconds
On this link see sa lifetime info , you may need to check the gkobal policy in vpn ra as asa/pix l2l may have inherit the default ra global policy vpn lifetime of 30 minutes, see Verify Idle / Session Timeout,this settings can be change to unlimited.
many many thanx,now i am able to reach other end by pinging but now i am facing a new porb after 30min the tunnel goes down.in the remote end(pix) vpngroup x.x.x.x vpngroup x.x.x.x idle-time 1800 command is given.
i think this is the reason but i am not sure.how to resolve this issue ..
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :