Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN to Juniper ISG 1000

Dear All,

I have ASA 5510 with 8.4 connected to ISG 1000, when traffic is passing the VPN tunnel is working fine, when the traffic stops, ASA will drop the packet but the VPN tunnel on ISG still up .

When new traffic started from ISG side, it will drop, as the tunnel is not up on ASA side.

I tried some setting on ASA like

** Keepalive

** vpn-idle-timeout none

** vpn-session-timeout none

and from ISG the keepalives and hearbeat

But no luck.

Any idea how to make the tunnel up all the times even no traffic, or when it will drop in ASA, ISG must drop it as well.



Everyone's tags (4)

Re: VPN to Juniper ISG 1000

Are you sure you changed the VPN idle timeout under the correct group policy? 

I've configured tunnels to ISG's running ScreenOS many times without issue.  Enable logging or turn on the ISAKMP debugs on the ASA and see if you can see a delete message being sent to the Juniper or a loss of contract betwen the peers

debug crypto isakmp 254

New Member

Re: VPN to Juniper ISG 1000

Yes, Im sure of that.

Version 8.2 has no problems, but I face this on 8.4 only.

CreatePlease to create content