Question
Has anyone found a method to nail up an FTD to AWS VPN tunnel by using only the FTD device?
Challenges
- AWS Site-to-Site VPN doesn't support child tunnels.
- Idle-timeout is no longer configured, I don't believe, aside from key lifetimes (but not on the FTD).
- Cisco has blacklisted ip sla monitor as a means to keep the tunnel up by ICMP echo, the very technique AWS recommends.
What is anyone else using to keep the tunnel(s) nailed up? Thanks!
RFC 1925