Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Timeout

my vpn seems to fail after 7pm when everyone in the office has gone home but in the mornings when they come in the vpn connects and starts working again!

is there a way to keep the connection alove between the 2 sites!

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: VPN Timeout

isakmp keepalive 10 4

You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.

Rate this post, if it helps.

10 REPLIES
Cisco Employee

Re: VPN Timeout

Hello,

If you could answer me couple of questions, I will be able to help you out.

What are the two end devices? Routers or ASA?

You can enable keepalives between the two routers or ASA and you should be able to keep the tunnel up.

- Gilbert

New Member

Re: VPN Timeout

my remote sites have pix 501' and the main location that that all vpn to has a pix 506e!

Cisco Employee

Re: VPN Timeout

isakmp keepalive 10 4

You can use that command on both the sides of the PIX and it will send keepalives every ten seconds to make sure the tunnel is up.

Rate this post, if it helps.

New Member

Re: VPN Timeout

ok i am understanding tat this shoule be put in all my 501'a and my 506!

correct?

Cisco Employee

Re: VPN Timeout

Yes - If you want the tunnel to be alive and active even when there is no activity.

Gilbert

New Member

Re: VPN Timeout

what does the "10 4"

i assume 10 is seconds

i have no idea what 4 is?

New Member

Re: VPN Timeout

i just added that line to my 506 and 1 of the 501's that the vpn is down on right now!

and it hasn't come back up yet! i can do a reload on the 501 but not the 506!

Cisco Employee

Re: VPN Timeout

http://www.cisco.com/en/US/docs/security/pix/pix63/command/reference/gl.html#wp1027312

The keepalive interval can be between 10 and 3600 seconds. The retry interval can be between 2 and 10 seconds, with the default being 2 seconds. The retry interval is the interval between retries after a keepalive response has not been received. You can specify the keepalive interval without specifying the retry interval, but cannot specify the retry interval without specifying the keepalive interval.

New Member

Re: VPN Timeout

when i restart one of my pix501's the vpn does not connect right away is there a CMD i can run that will force the vpn to connect?

Cisco Employee

Re: VPN Timeout

You got to pass traffic to the other side so that the tunnel can get established.

There is no command like "connect vpn" or so.

Gilbert

232
Views
0
Helpful
10
Replies