How to disable the VPN timeout setting on CISCO devices
Stop site-to-site CISCO VPN Drops
By default, CISCO site-to-site VPNs time out after 30 minutes of idle time. Have you ever had to work on a client issue at their site, tried the remote desktop connection, and presto, no VPN connection? The status of the VPN shows online on your VPN/firewall, but there is still no access. After a couple of weeks of searching I found this solution.
Here’s the solution, straight from Cisco:
PIX/ASA 7.x and later
Enter the vpn-idle-timeout command in group-policy configuration mode or in username configuration mode in order to configure the user timeout period:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-idle-timeout none
Configure a maximum amount of time for VPN connections with the vpn-session-timeout command in group-policy configuration mode or in username configuration mode:
hostname(config)#group-policy DfltGrpPolicy attributes
hostname(config-group-policy)#vpn-session-timeout none
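To check which group policies and usernames on an ASA have these timers switched off, the following added example (not from the original post or from Cisco) scans saved running-config text for the two commands above. The sample config, the function names and the assumption that sub-commands appear indented under their attributes line are constructed for this example.

```python
import re

# Constructed sample of an ASA running-config (not from a real device).
SAMPLE_CONFIG = """\
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout none
 vpn-session-timeout none
group-policy SiteB internal
group-policy SiteB attributes
 vpn-idle-timeout 30
 vpn-tunnel-protocol ikev1
username alice attributes
 vpn-session-timeout none
!
"""

# Block headers for the two configuration modes the commands are valid in.
BLOCK = re.compile(r"^(group-policy|username)\s+(\S+)\s+attributes\s*$")
# Assumption: sub-commands are indented under their block header.
TIMER = re.compile(r"^\s+(vpn-idle-timeout|vpn-session-timeout)\s+(\S+)")


def timeout_settings(config_text):
    """Return {(kind, name): {timer: value}} for every attributes block."""
    settings, current = {}, None
    for line in config_text.splitlines():
        header = BLOCK.match(line)
        if header:
            current = settings.setdefault(header.groups(), {})
            continue
        if not line.startswith(" "):
            current = None  # any other unindented line ends the block
            continue
        timer = TIMER.match(line)
        if timer and current is not None:
            current[timer.group(1)] = timer.group(2)
    return settings


def disabled_timers(config_text):
    """List (kind, name, timer) for each timer explicitly set to 'none'."""
    return sorted(
        (kind, name, timer)
        for (kind, name), timers in timeout_settings(config_text).items()
        for timer, value in timers.items()
        if value == "none"
    )


if __name__ == "__main__":
    for kind, name, timer in disabled_timers(SAMPLE_CONFIG):
        print(f"{kind} {name}: {timer} none")
```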
Cisco IOS Router
Use the crypto ipsec security-association idle-time command in global configuration mode or crypto map configuration mode in order to configure the IPsec SA idle timer. By default IPsec SA idle timers are disabled.
crypto ipsec security-association idle-time seconds
The seconds argument is the time, in seconds, that the idle timer allows an inactive peer to maintain an SA. Valid values for the seconds argument range from 60 to 86400.
Thanks for reading. Feel free to leave comments.