Barracuda/ASA IPSEC tunnel is closing (which is ok, on idle) but can only be raised from the Barracuda side

Question

We have a IPSEC tunnel set up between our ASA and a Barracuda NG on the other side. The tunnel is functional, except it seems to have a very short idle time-out (couple of seconds) and it can only be raised from the Barracuda side.

I feel reasonably confident that ASA side is properly configured (but am open to ideas, in case I'm wrong) but I have no idea about Barracuda. If anyone knows that device - What are we missing? Where does the keep-alive get set? And, why can the tunnel only be opened from their side?

Any help is much appreciated.

score 1 · Answer 1 · answered Oct 15 '12 at 17:40

If the tunnel can only be "opened" form the Barracuda side, then yes, you did misconfigure the ASA end of the tunnel :)

To enable bidirectional initiation, set

crypto map <map_name> <prio> set connection-type bidirectional

To alter the keepalive behaviour, set the isakmp keepalive:

  tunnel-group <peer-ip> ipsec-attributes
    isakmp keepalive threshold <infinite> | <10-3600> retry <2-10>

Barracuda/ASA IPSEC tunnel is closing (which is ok, on idle) but can only be raised from the Barracuda side

1 Answers1