Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

SA rekey

Hi,

I have couple of site-site vpn tunnels between cisco asa 5520 and checkpoint utm edge devices. Initially the tunnels were going down very frequently, but after analyzing the conf at both ends i have noticed that lieftime is set incorrectly. so i have changed on the asa to match with checkpoint,after that a new problem was discovered. Tunnel is up for 4-6 hrs after that it goes down. when i execute sh isakmp sa in asa i  can see the below.

IKE Peer: x.x.x.x

    Type    : L2L             Role    : initiator

    Rekey   : yes             State   : MM_ACTIVE_REKEY

IKE Peer: x.x.x.x

    Type    : L2L             Role    : responder

    Rekey   : no              State   : MM_REKEY_DONE_H2

i need to clear the tunnel to bring it up everytime. what should be done to keep the tunnel up?

Thanks,

Sridhar

418
Views
0
Helpful
0
Replies
CreatePlease to create content