I am having an issue where our remote VPN users from our sister company can't connect to certain servers unless the server pings their address first. After it pings them, they can connect. Not sure what to look for. Any suggestions?
On the ASA at the sister company there is a setting vpn-idle-timeout 30
Does this mean with no activity from the other end it drops communication with that device? The VPN session itself doesn't drop, just its connection with a particular server... thanks
Sounds like a typical Phase 2 SA negotiation. It's typical to see 1 unsuccessful ping while the Phase 2 SA is built.
In regard to the vpn-idle-timeout:
With DPD keepalives enabled, the tunnel will be deleted if DPD packets are exchanged for 30 minutes.
Without DPD keepalives enabled, the tunnel will be deleted if no encaps/decaps are sent/received within 30 minutes.