Re: Dead Peer Detection on ASA 8.3 L2L from Edouard Zorrilla on 2010-08-24 (Ccielab archives 08/2010)

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Tue, 24 Aug 2010 15:34:42 -0700

This is what I get:

ASA(config-tunnel-ipsec)# isakmp ?

tunnel-group-ipsec mode commands/options:
ikev1-user-authentication Configure IKEv1 User Authentication
keepalive Configure ISAKMP keepalives

configure mode commands/options:
  am-disable Disable inbound aggressive mode connections
  client Set client configuration policy (DEPRECATED - see 'help
isakmp')
  disconnect-notify Enable disconnect notification to peers
  enable Enable ISAKMP on the specified interface
  identity Set identity type (address, hostname or key-id)
  ipsec-over-tcp Enable and configure IPSec over TCP
  keepalive Set keepalive interval (DEPRECATED - see 'help isakmp')
  key Set pre-shared key for remote peer (DEPRECATED - see
'help isakmp')
  nat-traversal Enable and configure nat-traversal
  peer Set xauth and config mode exemption for the specified
peer (DEPRECATED - see 'help isakmp')
  policy Set ISAKMP policy suite
  reload-wait Wait for voluntary termination of existing connections
before reboot
ASA5540(config-tunnel-ipsec)# isakmp

You will see the option "[keepalive Set keepalive interval
(DEPRECATED - see 'help isakmp')]" that says deprecated but it seems it is
for the configuration mode. So it seems that this command

ASA(config-tunnel-ipsec)# isakmp keepalive threshold 60 retry 5,

Would be ok since it is not in the configuration mode...,

Thanks.

----- Original Message -----
From: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>
To: <ccielab_at_groupstudy.com>
Cc: <security_at_groupstudy.com>
Sent: Tuesday, August 24, 2010 3:24 PM
Subject: Dead Peer Detection on ASA 8.3 L2L

> Hey,
>
> I see that the command "sakmp keepalive threshold" is deprecated inside
> the "tunnel-group ipsec-attributes". Do you know what is the DPD command
> for L2L VPN with ASA 8.3 ?.
>
> Thanks in advance for your time.,
>
> Regards
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 24 2010 - 15:34:42 ART

This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:53 ART