Remove Stale Peer from IPsec l2l connection

Status
Not open for further replies.

nhidalgo

MIS
Jun 13, 2001
I have a router with two Internet connections. One is DSL, one is a cellular HWIC. I have them set up with a floating static route, making the DSL the primary connection. The VPN establishes fine via the DSL; I then pull the plug on the DSL connection and the HWIC fires up. The problem is the tunnel doesn't come up for 51 minutes. I keep getting phase 2 errors until the ASA finally removes the old peer address for the tunnel. Is there a setting to adjust when stale addresses are removed?

ASA 5510 ver 7.
Cisco 2801 12.4

Thanks
 
Don't see one.

show crypto isakmp sa

Active SA: 58
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 58

1 IKE Peer: 71.242.241.***
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: 71.245.62.***
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
3 IKE Peer: 141.158.133.***
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
4 IKE Peer: 71.242.238.***
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
 
Try setting up your Dead Peer Detection. I think it's DPD?
 
Looks like Dead Peer Detection is only for SSL VPN. I am still looking at it, though.
 
Try:

clear ipsec sa peer <ip.addr>

This will clear the connection.

To clear all connections:

clear ipsec sa

-Ryan
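
The manual step from the last reply can be targeted instead of clearing every tunnel. The following is an added example, not code from the thread or from Cisco: it parses `show crypto isakmp sa` output in the layout quoted above and builds a `clear ipsec sa peer` line for each L2L peer that is not in a set of addresses the remote site is currently using. The sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show crypto isakmp sa` output quoted
# in the thread; addresses are documentation ranges, not real peers.
SAMPLE = """\
Active SA: 3
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3

1 IKE Peer: 192.0.2.10
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
2 IKE Peer: 198.51.100.7
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
3 IKE Peer: 203.0.113.25
Type : user Role : responder
Rekey : no State : AM_ACTIVE
"""

PEER_RE = re.compile(r"^\s*(\d+)\s+IKE Peer:\s*(\S+)")
FIELD_RE = re.compile(r"(\w+)\s*:\s*(\S+)")


def parse_isakmp_sa(text):
    """Return one dict per IKE SA: index, peer, and the Type/Role/Rekey/State fields."""
    sas = []
    for line in text.splitlines():
        m = PEER_RE.match(line)
        if m:
            sas.append({"index": int(m.group(1)), "peer": m.group(2)})
        elif sas:  # field lines belong to the most recent peer entry
            for key, value in FIELD_RE.findall(line):
                sas[-1][key.lower()] = value
    return sas


def clear_commands(text, current_peers):
    """Build `clear ipsec sa peer` lines for L2L SAs whose peer is not in current_peers."""
    return [
        f"clear ipsec sa peer {sa['peer']}"
        for sa in parse_isakmp_sa(text)
        if sa.get("type") == "L2L" and sa["peer"] not in current_peers
    ]


if __name__ == "__main__":
    # Assumption: 198.51.100.7 is the address the remote router is using now.
    for cmd in clear_commands(SAMPLE, {"198.51.100.7"}):
        print(cmd)
```

The script only prints the commands; review the list before pasting it into the ASA, since each line drops the tunnel to that peer.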
 