[c-nsp] vpn down if no traffic

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Feb 8 08:31:10 EST 2007


Alexandre Durand <> wrote on Thursday, February 08, 2007 12:07 PM:

> Hi,
> 
> I'm wondering why with any Cisco router, a site-to-site VPN tunnel goes
> down if no traffic is generated. Is there a timeout somewhere we can
> configure or remove? Is there a way to keep this VPN tunnel up
> even if there is no traffic?

Well, I'm not an IPSec specialist, but IPSec Security Associations have
a lifetime, and will only be re-established if there is traffic. So I
think the only way is to generate traffic to keep the SAs up.. you
could configure an NTP peer or use an IP SLA probe to continuously
generate a small amount of packets.. If you use GRE w/ IPSec, you could
enable tunnel keepalives.. several ways to achieve the goal..

	oli
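
The two keepalive approaches mentioned in the reply, as an added IOS configuration sketch that is not part of the original post. All addresses, the ACL number, the SLA operation id and the tunnel interface number are constructed placeholders; the crypto map itself is assumed to exist already.

```cisco
! Constructed example values: 10.1.1.0/24 is the local LAN,
! 10.2.2.0/24 the remote LAN, ACL 110 the crypto ACL of the tunnel.
access-list 110 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
!
! Option 1: IP SLA ICMP echo probe that generates interesting traffic.
! Source and destination must both match the crypto ACL, otherwise the
! probe never triggers SA negotiation and the tunnel still idles out.
! (Older releases use the "ip sla monitor" form of these commands.)
ip sla 10
 icmp-echo 10.2.2.1 source-ip 10.1.1.1
 frequency 30
ip sla schedule 10 life forever start-time now
!
! Option 2: GRE over IPsec. Keepalives every 10 s, 3 retries,
! are themselves carried through the protected tunnel.
interface Tunnel0
 keepalive 10 3
!
! Checks:
!   show ip sla statistics 10   -> probe successes should increase
!   show crypto ipsec sa        -> encaps/decaps counters should increase
```

Keep the probe frequency well below the configured SA lifetime so that rekeying always has traffic to trigger it.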


