
FTD VPN idle timeout per peer

hi,

 

is it possible to remove idle timeout (set it to no timeout) on a per peer basis?

 

br

balaji.bandi
VIP Guru

hmmm ... this workaround described in bug looks promising ... will try it tomorrow ... I do not want to mess with flexconfig

 

For Firepower Management Center: Workaround 1 - per S2S VPN: Enable Traffic Flow Confidentiality (TFC). TFC sends dummy encrypted packets at random intervals. Those packets are counted as real sent traffic and they will keep the VPN from idling out. To configure on FMC: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/firepower_threat_defense_site_to_site_vpns.html#reference_nwy_fhl_wy
Edit VPN Topology -> IPsec tab -> unfold ESPv3 settings -> Enable TFC

just info ... workaround is working ok
