Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Easy VPN client (ASA5505) and IKE keepalive problem

Dear all.

My problem is I am using an ASA5505 (7.2.4 SW) as an easy VPN client. I want to set the IKE keepalive to 20 seconds with a 2 times retry. I have to set this in the tunnel group IPsec attributes section of the Easy VPN server (also ASA5505 with 7.2.4 SW)

tunnel-group TEST1 type ipsec-ra

tunnel-group TEST1 general-attributes

default-group-policy myGROUP

tunnel-group TEST1 ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 20 retry 2

Problem:

when the client connects and I do a "show vpnclient detail" command I see

crypto isakmp nat-traversal 20

tunnel-group 7.7.7.1 type ipsec-ra

tunnel-group 7.7.7.1 ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 90 retry 5

having been learned from the Easy VPN server. Any ideas how I can reduce this on the client as 90 secs with a 5 times retry is way too long.

Regards

John Keane

1 REPLY
Silver

Re: Easy VPN client (ASA5505) and IKE keepalive problem

Here is the URL for the Configuring the VPN Client and about IKE keep alive follow the guide it may help you

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch2.html

819
Views
0
Helpful
1
Replies
CreatePlease to create content