Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
3
Replies

Site-to-Site VPN - one side behind firewall

gerdpleyer
Level 1
Level 1

‎06-29-2008 05:01 AM

Hi forum!

I have two ASA5505 and want to setup a site-to-site vpn.

I used the ipsec wizard and the vpn works so far.

The problem is the remote side where the asa is behind a firewall of my isp. The incoming ports are completly closed.

Now if the idle time pass by and on the remote side there is no traffic the tunnel disrupts.

I found a workaround by setting the idle-timout to none. But if the tunnel disrupt by other reasons, e.g. ISP disconnects I can't rebuild it from the server side.

Is there any command to send a keepalive signal or something?

Labels:
0 Helpful
3 Replies 3

a.alekseev
Level 7
Level 7

‎06-29-2008 07:11 AM

tunnel-group x.x.x.x ipsec-attributes

pre-shared-key *

isakmp keepalive threshold 15 retry 2

0 Helpful

gerdpleyer
Level 1
Level 1
In response to a.alekseev

‎06-29-2008 09:50 AM

Hi! Thanks for the quick reply.

But the keepalive is standard - or isn't it?

Where should I set the keepalive - core or remote? or both?

I think the problem is that the core ASA can't connect to the ASA behind the firewall.

0 Helpful
Customers Also Viewed These Support Documents