Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
705
Views
0
Helpful
2
Replies

VPN tunnel works great and then dies when idle.

orangejesus
Level 1
Level 1

‎10-16-2012 07:50 AM

So I am hoping for some general guidence. I have set up 2 RV110w firewall/vpn/routers at remote locations and an ipsec tunnel between them.  Once the tunnel gets established everything works fine until it has been idle for some arbitrary amount of time. (Maybe a half hour or less.) at which point we lose server access and can no longer ping across the tunnel. To fix this I have had to dissconnect and reopen the tunnel again,  I even went so far as to install an autopinger on the remote end to keep traffic on the tunnel which seems to help but is not going to be a viable long term solution.   I expect that I am doing everything wrong entirely but any sort of guidance would be much appreciated.  Called cisco support and the gentleman I talked to was both very nice and very unhelpful, he seemed to be unsure of what any of the various settings really did and sounded like he was guessing.  

Labels:
0 Helpful
2 Replies 2

Rudy Sanjoko
Level 4
Level 4

‎10-16-2012 08:08 AM

You need to configure the idle timeout, because I am not familiar with this router series I don't know if that command is  supported on RV110W or not, but I found out that you can disable the DPD (Dead Peer Detection) on this router, the steps on how to disable it can be found on following link under "Configuring Advanced VPN Parameters" section:

http://www.cisco.com/en/US/docs/routers/csbr/rv110w/administration/guide/rv110w_admin.pdf

0 Helpful

orangejesus
Level 1
Level 1

‎10-16-2012 08:16 AM

One of the things I have tried is disabling dead peer detection on both endpoints and this has not resolved the issue,  I have also switched to agressive mode and extended the SA lifetime on both routers to the maximum allowed value.  I have not been able to find an idle timeout setting, if there is one or any way to set this up that would be fantastic.  I don't know many situations where manually reseting the tunnel everytime someone needed to use it would be the expected procedure.  I appreciate the advice and have looked through the router documentation again. I'm can't imagine that the expected behavior of this feature is to close the tunnel and then not be able to reestablish it.

0 Helpful
Customers Also Viewed These Support Documents