How to keep VPN tunnel permanently alive CISCO ASA

I know it is a simple command, but I have forgotten!

How do I keep a VPN tunnel permanently up? At the moment the tunnel closes after the period of 8 hours until the remote site needs to access head office. This means head office has to ask someone to log in to initiate access. (We cannot make the tunnel bi-directional, which would be the easy answer!)


Re: How to keep VPN tunnel permanently alive CISCO ASA

Hey there,

I think you'll want to set the isakmp lifetime to 0 per: http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#solution06

Specify the SA lifetime. This example sets a lifetime of 4 hours (14400 seconds). The default is 86400 seconds (24 hours).

PIX/ASA

hostname(config)#isakmp policy 2 lifetime 14400

IOS Router

R2(config)#crypto isakmp policy 10
R2(config-isakmp)#lifetime 86400

If the maximum configured lifetime is exceeded, you receive this error message when the VPN connection is terminated:

Secure VPN Connection terminated locally by the Client. Reason 426: Maximum Configured Lifetime Exceeded.

In order to resolve this error message, set the lifetime value to 0 in order to set the lifetime of an IKE security association to infinity. The VPN will always be connected and will not terminate.

hostname(config)#isakmp policy 2 lifetime 0

Good luck!

Tim
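
For reviewing which ISAKMP policies in a saved or pasted configuration carry which lifetime, including any set to 0 (infinite, per the text quoted above), here is an added example that is not part of the reply or of Cisco's documentation. The function names and the sample configuration are constructed for illustration; the parser assumes the one-line `isakmp policy N lifetime S` form and the IOS sub-mode form shown in the thread, with an optional `crypto` prefix.

```python
import re

DEFAULT_LIFETIME = 86400  # default (24 hours) stated in the quoted tech note
PROMPT_RE = re.compile(r"^\S+\(config[^)]*\)#\s*")  # e.g. "hostname(config)#"
# Policy header, either alone (sub-mode form) or followed by "keyword value"
POLICY_RE = re.compile(r"^(?:crypto\s+)?isakmp\s+policy\s+(\d+)(?:\s+(\S+)\s+(\S+))?$")
SUB_LIFETIME_RE = re.compile(r"^lifetime\s+(\d+)$")

# Constructed sample input (not from a real device), mixing the forms in the thread
SAMPLE = """\
hostname(config)#isakmp policy 2 lifetime 0
isakmp policy 5 encryption 3des
isakmp policy 5 lifetime 14400
R2(config)#crypto isakmp policy 10
R2(config-isakmp)#lifetime 86400
crypto isakmp policy 20
 encryption aes
 lifetime 3600
crypto isakmp policy 30
 encryption aes
!
"""

def parse_isakmp_lifetimes(text):
    """Map each ISAKMP policy number to its configured lifetime in seconds."""
    lifetimes, current = {}, None  # current = policy whose sub-mode we are in
    for raw in text.splitlines():
        in_sub = raw[:1].isspace() or "(config-isakmp)" in raw
        line = PROMPT_RE.sub("", raw.strip())
        m = POLICY_RE.match(line)
        if m:
            number, keyword, value = int(m.group(1)), m.group(2), m.group(3)
            lifetimes.setdefault(number, DEFAULT_LIFETIME)  # no lifetime line = default
            if keyword == "lifetime" and value.isdigit():
                lifetimes[number] = int(value)
            current = number if keyword is None else None
            continue
        m = SUB_LIFETIME_RE.match(line)
        if m and in_sub and current is not None:
            lifetimes[current] = int(m.group(1))
        elif not in_sub:
            current = None  # left the policy sub-mode
    return lifetimes

def audit(text):
    """Return (policy, seconds, note) tuples sorted by policy number."""
    notes = {0: "infinite: IKE SA never expires", DEFAULT_LIFETIME: "default (24 h)"}
    return [(n, s, notes.get(s, "custom"))
            for n, s in sorted(parse_isakmp_lifetimes(text).items())]
```

Calling `audit(SAMPLE)` lists policy 2 as infinite, policies 10 and 30 at the default, and policies 5 and 20 as custom values.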
