Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How make up a S2S VPN tunnel for permenant



We have Cisco ASA 5525 running IOS ver 9.1.3, s2s vpn is working fine, we want to make the tunnel up for lifetime.


Can any body let us know the possible config changes.



Super Bronze

Hi, I would imagine that you



I would imagine that you would have to create a "group-policy" that you would attach to the "tunnel-group" of your L2L VPN.


In the "group-policy <gp name> attributes" you can use the below commands


vpn-idle-timeout none


vpn-session-timeout none


You could perhaps try using those in your configuration and see if it helps.


- Jouni

New Member

Hi Jouni, Thanks for valued

Hi Jouni,


Thanks for valued info, i will let u know the result.



New Member

Hi Jouni,I tried the same but

Hi Jouni,

I tried the same but no success, any other way.

Super Bronze

Hi, Did you clear the VPN



Did you clear the VPN connection from the ASA if it was active while you did the changes?


The changes are not applied if the VPN connection is up/active when doing the changes. This probably does not apply to all changes but with regards to "group-policy" changes I think they are not applied until the connection is formed again.


Naturally it would be good to see the L2L VPN configurations related to this connection.


Also I am not sure why the connection has to be up all the time. This should be true if there is constant traffic through the L2L VPN connection. Naturally every now and then you will have renegotiation of the SAs.


Just from the top of my head I was just today looking at one customer L2L VPN Connection which had been up for 73d straight and it does not contain any non default settings when it comes to "group-policy" settings.


- Jouni

CreatePlease login to create content