Cisco Support Community

ASA5510<-->2811 router L2L VPN: Session reset every 24Hrs

Hi All,

The L2L session having prod traffic between ASA5510<-->2811 router resets every 24hrs. I believe this is due to the default isakmp lifetime (86400 sec). The ASA has an option to change the lifetime for the isakmp...

************************************

5510-V1(config-isakmp-policy)# lifetime ?

crypto-isakmp-policy mode commands/options:

<120-2147483647> Lifetime in seconds

none Disable rekey and allow an unlimited rekey period

************************

But the router (2811 - c2800nm-advipservicesk9-mz.124-8b.bin) does not have the option.

2811-FW1(config-isakmp)#lifetime ?

<60-86400> lifetime in seconds

Is there any way we can keep the tunnel up without losing it? If I change it on the ASA for this particular 'isakmp policy', does it take effect on the other peers (ex: 2811) which are using this policy to connect, or does the lower interval always take over?

Thank you in advance.

MS

3 REPLIES
New Member

Re: ASA5510<-->2811 router L2L VPN: Session reset every 24Hrs

Hi,

I am unsure if there is the command for the 2811. I have not worked with that specific model. Hopefully someone else can answer that. However, with regard to the timers etc., I would have thought leaving as is would be OK and a good idea. This means it will refresh the phase 1 tunnel (isakmp sa) every 24hrs. As long as interesting traffic is still being sent, then the VPN should just renegotiate.

Hope that helps

Thanks

Re: ASA5510<-->2811 router L2L VPN: Session reset every 24Hrs

Thank you. I am wondering if any of the latest IOS versions have that option on the 2811. Let's see if any other 'guru' replies. Also, what is the time for isakmp to reestablish/rekey?

Thank you

MS

New Member

Re: ASA5510<-->2811 router L2L VPN: Session reset every 24Hrs

Hi,

By default, ISAKMP is renegotiated every 24hrs.

Hope that helps

Thanks
