Solved: Site to Site VPN Tunnel----Keeping tunnel up

mahesh18 · ‎02-09-2014

hi everyone,

I have config Site to Site VPN tunnel at home lab for learning purposes.

Tunnel is build up and working fine.

Here is setup below

R1--ASA1 -----R2-----R3------ASA2 -----R4

Local Network on ASA1 is 10.0.0./24

Local network on ASA2 is 10.2.0.0/24

What i found is tunnel only build up when i ping from R4 to R1 or vice versa.

After some time then there is no interesting traffic tunnel goes away?

IS there any config that i can do so that tunnel remains up up?

Regards

MAhesh

Jouni Forss · ‎02-09-2014

Hi Mahesh,

You could try to configure a "group-policy" for the L2L VPN and try setting the "vpn-idle-timeout none" and see if that helps

For example

group-policy L2LVPN internal

group-policy L2LVPN attributes

vpn-idle-timeout none

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x general-attributes

default-group-policy L2LVPN

- Jouni

Jouni Forss · ‎02-09-2014

Hi Mahesh,

You could try to configure a "group-policy" for the L2L VPN and try setting the "vpn-idle-timeout none" and see if that helps

For example

group-policy L2LVPN internal

group-policy L2LVPN attributes

vpn-idle-timeout none

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x general-attributes

default-group-policy L2LVPN

- Jouni

mahesh18 · ‎02-09-2014

Hi Jouni,

Thats done.

Will see hot it goes.

Best regards

MAhesh

mahesh18 · ‎02-16-2014

Hi Joini,

I tested tunnel stays up even without interesting traffic.

Regards

Mahesh