[c-nsp] vpn down if no traffic

Alexandre Durand alexandre.durand at thecloud.net
Fri Feb 9 05:06:56 EST 2007


That s fantastic, Thank you very much, that s exactly what i wanted to know.

My question now is how often the vpn dies, is there a timer? is it in 
relation with the ipsec lifetime?

if i run this kron i need to know the frequency of pings.

Regards,

Alex

Jorge Evangelista wrote:
> Also, you could configure a kron in the router cisco, send a ping for
> tunnel no die.
>
> kron occurrence sixtymins in 1:0 recurring
>  policy-list 60
> !
> kron policy-list 60
>  cli ping 192.168.2.1 source 192.168.1.1
> !
>
>
>
>
> On 2/8/07, Justin M. Streiner <streiner at cluebyfour.org> wrote:
>   
>> On Thu, 8 Feb 2007, Alexandre Durand wrote:
>>
>>     
>>> I m wondering why with any cisco router, vpn tunnel site to site goes
>>> down if no traffic is generated. Is there a timeout somewhere we can
>>> configure or remove? is there a way to maintain this vpn tunnel up even
>>> if there is no traffic?
>>>       
>> This is normal behavior.  You're either running into an IKE or IPSEC
>> timeout (data or time).  The tunnel should immediately re-establish when
>> the router sees traffic that would want to go into the tunnel.  I don't
>> believe the timers can be disabled.  Re-establishing a site to site VPN
>> tunnel is prett painless and normally automatic, so it shouldn't be a big
>> issue.
>>
>> If you really wanted to, I suppose you could set up a machine on one side
>> of the tunnel to ping a machine on the other side once every few minutes
>> or so, but keep in mind that at some point the tunnel will still reach a
>> point where it has to drop and re-key, then come back up.
>>
>> jms
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>     
>
>
>   


-- 
Alexandre Durand
Edge Network Engineer
A:	The Cloud Networks Ltd
	54 Bartholomew Close
	EC1A 7RY
M:	0770 291 1805
W:	www.thecloud.net 




More information about the cisco-nsp mailing list