ASA 5510 site-to-site vpn intermittent connection

kristian.tomol · ‎11-24-2011

Hi all,

I currently configured a site-to-site vpn connection in one of our client.

Configuration is fine and site-to-site connection is working properly.

We noticed that when the tunnel is idle the site-to-site connection between these two branches is disconnected.

We need to ping the other site in order to re-establish the connection and perform a continuous ping in order to keep the tunnel active.

I would like to ask if there is a way to keep the tunnel active even though there are no activity running on both sites and even without pinging continuously.

Please help..

Thanks,

ajay chauhan · ‎11-24-2011

https://supportforums.cisco.com/message/3494880#3494880

Please read this link might helpfull full for you.

Thanks

Ajay

kristian.tomol · ‎11-24-2011

Hi Ajay,

Thanks for your response, I really appreciate it.

By the way, I would like to ask if I need to disable IKE keepalive and configure the maximum amount of time for VPN connections on both the ASA on both site.

Thanks

ajay chauhan · ‎11-24-2011

If you configure ISAKMP keepalives, it helps prevent sporadically dropped LAN-to-LAN or Remote Access VPN, which includes VPN clients, tunnels and the tunnels that are dropped after a period of inactivity.

Please configure the value for iskmp and rest of the steps. We do disable it when its for vpn client which is behind the firewall.

Thanks

Ajay