I've implemented a Dynamic to Static Site-to-Site IPSec VPN between a ASA5505 on a vessel and the headquarters. Now, this solution doesn't allow the HQ to initiate the IPsec connection.
In the Vessel network, there is a router behind the ASA5505. I heard that if I want to keep the tunnel up, so that HQ clients can initiate traffic to remote clients through the tunnel, I'd need to run IP SLA icmp probes on the router behind the ASA.
Could someone explain how to implement it?
Thanks for your help.