Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1012
Views
0
Helpful
1
Replies

Easy VPN client (ASA5505) and IKE keepalive problem

jkeane100
Level 1
Level 1

‎01-29-2009 03:20 AM

Dear all.

My problem is I am using an ASA5505 (7.2.4 SW) as an easy VPN client. I want to set the IKE keepalive to 20 seconds with a 2 times retry. I have to set this in the tunnel group IPsec attributes section of the Easy VPN server (also ASA5505 with 7.2.4 SW)

tunnel-group TEST1 type ipsec-ra

tunnel-group TEST1 general-attributes

default-group-policy myGROUP

tunnel-group TEST1 ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 20 retry 2

Problem:

when the client connects and I do a "show vpnclient detail" command I see

crypto isakmp nat-traversal 20

tunnel-group 7.7.7.1 type ipsec-ra

tunnel-group 7.7.7.1 ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 90 retry 5

having been learned from the Easy VPN server. Any ideas how I can reduce this on the client as 90 secs with a 5 times retry is way too long.

Regards

John Keane

Labels:
0 Helpful
1 Reply 1

amritpatek
Level 6
Level 6

‎02-04-2009 04:10 PM

Here is the URL for the Configuring the VPN Client and about IKE keep alive follow the guide it may help you

http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client500_501/administration/5vcAch2.html

0 Helpful
Customers Also Viewed These Support Documents