03-03-2022 06:42 AM
hi,
is it possible to remove the idle timeout (set it to no timeout) on a per-peer basis?
br
03-03-2022 07:01 AM
I think yes, please check below:
03-03-2022 10:48 AM
hmmm ... this workaround described in the bug looks promising ... will try it tomorrow ... I do not want to mess with flexconfig
For Firepower Management Center: Workaround 1 - per S2S VPN: Enable Traffic Flow Confidentiality (TFC). TFC sends dummy encrypted packets at random intervals. Those packets are counted as real sent traffic and they will keep the VPN from idling out. To configure on FMC: https://www.cisco.com/c/en/us/td/docs/security/firepower/70/configuration/guide/fpmc-config-guide-v70/firepower_threat_defense_site_to_site_vpns.html#reference_nwy_fhl_wy
Edit VPN Topology -> IPsec tab -> unfold ESPv3 settings -> Enable TFC
03-04-2022 11:10 PM
just info ... the workaround is working ok