site to site with asa5520 to ISA establishes but doesnt stay active

gmtimmons · ‎02-20-2009

I have a tunnel established site to site and the only way we can get it to negotiate is for the ISA site to ping the ASA site. At that point Im able to ping his internal and vice versa but after a few minutes of no activity the connection drops and he has to ping me again. Im not familiar with ISA but he says there is no keep alive setting like with Cisco. Any ideas on how to make the tunnel stay active? thanks in advance

andrew.prince · ‎02-20-2009

try adding the below:-

tunnel-group <> ipsec-attributes

isakmp keepalive threshold infinite

HTH>

gmtimmons · ‎02-20-2009

I will try that, but Im already getting messages that the peer device (isa at remote location) doesnt support keepalives. Basically I get a syslog message that says something like this Keep alives are configured, but the peer device doesnt support it.

thanks for the suggestion

andrew.prince · ‎02-20-2009

Yep - the command tells the ASA that the remote end will no initiate/support keepalives and it should do it anyway!

gmtimmons · ‎02-20-2009

command applied, for some reason, the only way I can renegotiate the tunnel is to have someone at the remote site (isa site) ping something internal here at the local (asa site) I can not ping something at the remote site to renegotiate the tunnel any suggestions for that?

thanks again

andrew.prince · ‎02-20-2009

OK - did this situtation exist before you entered my suggested command?

If not remove the command.

gmtimmons · ‎02-20-2009

that situation existed prior to command, yes

andrew.prince · ‎02-20-2009

OK - post you config for review, remove sensitive iformation.