Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2370
Views
0
Helpful
2
Replies

VPN site to site ASA 5505 timeout

robin.esparre
Level 1
Level 1

‎11-04-2011 08:50 AM

Hi,

I have make a VPN between 2 firewall ASA 5505.
My vpn is working but after xxx minutes, the VPN disconnect automaticly.

How can i change it for have a "continuous VPN"?

thanks.

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎11-05-2011 05:42 AM

Enable ISAKMP keepalives on both ASA.

0 Helpful

Kishore Chennupati
Level 7
Level 7

‎11-05-2011 06:21 AM

Hi Robin,

Your VPN's disconnect automatically because they don't hear anything from each other. It's like they are not talking to each other so each ASA believes the other is dead. In order to fix this you use DPD(dead peer detection).

What DPD does is to send keepalives to each other the default on ASA is 10 seconds by default. You can change that if you want but its not recommended. So, in this way both the devices know each other and keep the tunnel up and dont tear it down.

You enable DPD by typing the command under the tunnel group.

tunnel-group tunnel-group-name ipsec-attributes
isakmp keepalive enable


HTH
Kishore
0 Helpful
Customers Also Viewed These Support Documents