Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Site to site VPN connection

Branch users are encountering a client workstation disconnection between the HQ and branch office after an idle time of 2 hours.

But it does not happen to HQ users. Both side are using ASA 5505. Any config in firewall will cause this?

6 REPLIES
New Member

Site to site VPN connection

hi,

what do u mean by "But it does not happen to HQ users" ?

New Member

Site to site VPN connection

HQ users are not encountering connection error after 2 hours. As for branch users, there is error message "network link broken! Error code 10054" prompt when the idle time is going to 2 hours.

New Member

Site to site VPN connection

what's the lifetime that you configure?

New Member

Re: Site to site VPN connection

TCP timeout connection is default 1 hour. Kindly refer to attachment for the config.

New Member

Re: Site to site VPN connection

which crypto map u use to connect this branch to HQ?

New Member

Site to site VPN connection

Please refer below.

Branch

=======

crypto map outside_map 1 match address outside_1_cryptomap

crypto map outside_map 1 set pfs

crypto map outside_map 1 set peer x.x.x.x

crypto map outside_map 1 set transform-set ESP-3DES-MD5

crypto map outside_map 1 set security-association lifetime seconds 28800

crypto map outside_map 1 set security-association lifetime kilobytes 4608000

crypto map outside_map interface outside

HQ

====

crypto map outside_map 4 match address outside_4_cryptomap

crypto map outside_map 4 set pfs

crypto map outside_map 4 set peer x.x.x.x

crypto map outside_map 4 set ikev1 transform-set ESP-3DES-MD5

crypto map outside_map 4 set security-association lifetime seconds 28800

crypto map outside_map 4 set security-association lifetime kilobytes 4608000

crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto map outside_map interface outside

221
Views
0
Helpful
6
Replies