[c-nsp] vpn down if no traffic
Jorge Evangelista
netsecuredata at gmail.com
Thu Feb 8 09:34:22 EST 2007
Also, you could configure kron on the Cisco router to send a ping so that
the tunnel does not die.
kron occurrence sixtymins in 1:0 recurring
 policy-list 60
!
kron policy-list 60
 cli ping 192.168.2.1 source 192.168.1.1
!
On 2/8/07, Justin M. Streiner <streiner at cluebyfour.org> wrote:
> On Thu, 8 Feb 2007, Alexandre Durand wrote:
>
> > I'm wondering why with any Cisco router, VPN tunnel site to site goes
> > down if no traffic is generated. Is there a timeout somewhere we can
> > configure or remove? Is there a way to maintain this VPN tunnel up even
> > if there is no traffic?
>
> This is normal behavior. You're either running into an IKE or IPSEC
> timeout (data or time). The tunnel should immediately re-establish when
> the router sees traffic that would want to go into the tunnel. I don't
> believe the timers can be disabled. Re-establishing a site to site VPN
> tunnel is pretty painless and normally automatic, so it shouldn't be a big
> issue.
>
> If you really wanted to, I suppose you could set up a machine on one side
> of the tunnel to ping a machine on the other side once every few minutes
> or so, but keep in mind that at some point the tunnel will still reach a
> point where it has to drop and re-key, then come back up.
>
> jms
--
"The network is the computer"