[c-nsp] vpn down if no traffic
Justin M. Streiner
streiner at cluebyfour.org
Thu Feb 8 09:08:45 EST 2007
On Thu, 8 Feb 2007, Alexandre Durand wrote:
> I m wondering why with any cisco router, vpn tunnel site to site goes
> down if no traffic is generated. Is there a timeout somewhere we can
> configure or remove? is there a way to maintain this vpn tunnel up even
> if there is no traffic?
This is normal behavior. You're either running into an IKE or IPSEC
timeout (data or time). The tunnel should immediately re-establish when
the router sees traffic that would want to go into the tunnel. I don't
believe the timers can be disabled. Re-establishing a site to site VPN
tunnel is prett painless and normally automatic, so it shouldn't be a big
issue.
If you really wanted to, I suppose you could set up a machine on one side
of the tunnel to ping a machine on the other side once every few minutes
or so, but keep in mind that at some point the tunnel will still reach a
point where it has to drop and re-key, then come back up.
jms
More information about the cisco-nsp
mailing list