Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
10
Helpful
3
Replies

VPN Needs Ping to Stay Up

Patrick McHenry
Level 4
Level 4

‎01-19-2012 07:13 AM - edited ‎03-11-2019 03:16 PM

Hi,

Does anyone know why some of our site to site VPNs need a ping every half hour to stay up? Others don't.

Thanks, Pat.

Labels:
0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎01-19-2012 07:24 AM

If there's no interesting traffic being presented on the tunnel, the default behavior would be to tear it down after the Phase 2 SA times out.

If there is interesting traffic, yet it still drops, it could be an interoperability bug with a different vendor at the distant end. I have seen that on occassion between ASA and Juniper Netscreen.

Patrick McHenry
Level 4
Level 4
In response to Marvin Rhoads

‎01-19-2012 07:32 AM

would Phase 2 be the Security Association Lifetime Settings?  On this particular VPN, they are set to 8 hours.

Thanks, Pat

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Patrick McHenry

‎01-19-2012 07:50 AM

Yes, lifetime settings would be it.

"Show crypto ipsec sa" will show you. among other things, what the firewall believes is the configured and remaining time. See examples in this document. You might want to verify that at both ends to confirm the settings.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card