Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2471
Views
0
Helpful
1
Replies

crypto isakmp keepalive in IOS and Pix/ASA

david.tran
Level 4
Level 4

‎11-22-2011 06:19 PM

I have an IOS 12.4(24)T4 router with 100 IPSec site-to-site VPNs on this router.  I would like to enable "crypto isakmp keepalive 10" for only 10 sites.  The other remaining 90 sites can not have"crypto isakmp keepalive" enable.

Is this possible with IOS routers?  This feature, as I understand is available in Pix.

Labels:
0 Helpful
1 Reply 1

ajay chauhan
Level 7
Level 7

‎11-23-2011 12:12 AM

Not possible on router and Pix but yes on ASA per tunnel basis.

Configure ISAKMP keepalives in Cisco IOS with this command:

router(config)#crypto isakmp keepalive 15

Use these commands to configure ISAKMP keepalives on the PIX/ASA Security Appliances:


    • Cisco PIX 6.x

      pix(config)#isakmp keepalive 15

    • Cisco PIX/ASA 7.x and later, for the tunnel group named 10.165.205.222

      securityappliance(config)#tunnel-group 10.165.205.222    ipsec-attributes securityappliance(config-tunnel-ipsec)#isakmp keepalive    threshold 15 retry 10

       Thanks
       Ajay

    0 Helpful
    Getting Started

    Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

    Customers Also Viewed These Support Documents