Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

site to site with asa5520 to ISA establishes but doesnt stay active

I have a tunnel established site to site and the only way we can get it to negotiate is for the ISA site to ping the ASA site. At that point Im able to ping his internal and vice versa but after a few minutes of no activity the connection drops and he has to ping me again. Im not familiar with ISA but he says there is no keep alive setting like with Cisco. Any ideas on how to make the tunnel stay active? thanks in advance

7 REPLIES

Re: site to site with asa5520 to ISA establishes but doesnt stay

try adding the below:-

tunnel-group <> ipsec-attributes

isakmp keepalive threshold infinite

HTH>

New Member

Re: site to site with asa5520 to ISA establishes but doesnt stay

I will try that, but Im already getting messages that the peer device (isa at remote location) doesnt support keepalives. Basically I get a syslog message that says something like this Keep alives are configured, but the peer device doesnt support it.

thanks for the suggestion

Re: site to site with asa5520 to ISA establishes but doesnt stay

Yep - the command tells the ASA that the remote end will no initiate/support keepalives and it should do it anyway!

New Member

Re: site to site with asa5520 to ISA establishes but doesnt stay

command applied, for some reason, the only way I can renegotiate the tunnel is to have someone at the remote site (isa site) ping something internal here at the local (asa site) I can not ping something at the remote site to renegotiate the tunnel any suggestions for that?

thanks again

Re: site to site with asa5520 to ISA establishes but doesnt stay

OK - did this situtation exist before you entered my suggested command?

If not remove the command.

New Member

Re: site to site with asa5520 to ISA establishes but doesnt stay

that situation existed prior to command, yes

Re: site to site with asa5520 to ISA establishes but doesnt stay

OK - post you config for review, remove sensitive iformation.

149
Views
0
Helpful
7
Replies
CreatePlease to create content