06-29-2008 05:01 AM
Hi forum!
I have two ASA5505 and want to setup a site-to-site vpn.
I used the ipsec wizard and the vpn works so far.
The problem is the remote side where the asa is behind a firewall of my isp. The incoming ports are completly closed.
Now if the idle time pass by and on the remote side there is no traffic the tunnel disrupts.
I found a workaround by setting the idle-timout to none. But if the tunnel disrupt by other reasons, e.g. ISP disconnects I can't rebuild it from the server side.
Is there any command to send a keepalive signal or something?
06-29-2008 07:11 AM
tunnel-group x.x.x.x ipsec-attributes
pre-shared-key *
isakmp keepalive threshold 15 retry 2
06-29-2008 09:50 AM
Hi! Thanks for the quick reply.
But the keepalive is standard - or isn't it?
Where should I set the keepalive - core or remote? or both?
I think the problem is that the core ASA can't connect to the ASA behind the firewall.
06-29-2008 12:12 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide