Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Site to Site VPN between C2921 and ASA5510

Help please!!

I setup site to site VPN between C2921 (site A) and ASA 5510 (site B). I am having problems with SA being deleted:

1: I can alwasy initiate VPN connection from Site B to Site A.

2: after VPN tunnel is up and idle for a while, SA is dropped and I lost VPN connection from Site A to Site B.

3: to get the connection back, I have to ping Site A from Site B

4: when the connection is established, it works fine!

What did I missed? Thanks.

Everyone's tags (5)
3 REPLIES
Cisco Employee

Site to Site VPN between C2921 and ASA5510

Do you have the isakmp keepalive configured?

Is site B outside interface IP address dynamic? If it's dynamic, then you can only initiate the VPN from site B, if it's static, then you should be able to initiate the VPN from both ends.

New Member

Site to Site VPN between C2921 and ASA5510

Site B outside Interface IP is static.

No, I don't have isakmp keepalive configured.

My problem now is that I can only initiate VPN from Site B; once the connnection is established, I can access site B from site A with no problem.

New Member

Re: Site to Site VPN between C2921 and ASA5510

This issue is now resolved. A CISCO rep helped to point out that I set PFS on Site B, but not on site A. Everything worked as expected as soon as we took off the satement that sets PFS.

Thanks.

471
Views
0
Helpful
3
Replies
CreatePlease to create content