?
Solved

I have several IPSEC LAN-to-LAN VPN's.  When there is no traffic going down the tunnel the VPN shows as down.  How do I configure a keepalive so this won't happen?

Posted on 2009-02-24
3
Medium Priority
?
652 Views
Last Modified: 2012-06-22
Is seems when there is no traffic going down the tunnel of the VPN it show as down until traffic is initiated again.  I notice this mostly on my Pix 506E and my ASA 5505's.  What is the proper way to configure a keepalive so this will not happen.  Thanks
0
Comment
Question by:Crossroads305
3 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 23721015
This is the way it is designed. It times out after a certain amount of time with no traffic and drops the tunnel. It comes back up almost instantly as soon as there is traffic, so there shouldn't be any problem.
you can always setup a script on a PC to ping something across the vpn, say a printer that's always on, every 5 minutes or so and just let the script run on a loop.
0
 
LVL 16

Accepted Solution

by:
memo_tnt earned 2000 total points
ID: 23721509
it depends if there is traffic between ur sites;
u can configure ur router to build the tunnel even if there is no traffic
which is applied to ur dialer interface
!
dialer idle-timeout 300
!
>>>> 300 is time required for the tunnel before going up
-------------------------------------
u can use this also
!!
crypto isakmp keepalive ....
!
To allow the gateway to send dead peer detection (DPD) messages to the peer, use the crypto isakmp keepalive command in global configuration mode. To disable keepalives, use the no form of this command.

crypto isakmp keepalive seconds [retries] [periodic | on-demand]

no crypto isakmp keepalive seconds [retries] [periodic | on-demand]

The following example shows how to configure DPD messages to be sent every 60 seconds and every 5 seconds between retries if the peer does not respond:

crypto isakmp keepalive 60 5

>>>>>>>>>>>>>>>>>>>>>...

u can also creat a script file to make a ping command from one of the PEERS lan side




 
http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_24063685.html
 
BR
0
 
LVL 1

Author Closing Comment

by:Crossroads305
ID: 31550535
I will try the "crypto isakmp keepalive" statement and see if this will solve the problem.  Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question