Solved: force IPSec tunnel to stay up even if no traffic

pidomudes · ‎05-20-2014

Hello,

We are running exactly through the same problem as already described here;

https://supportforums.cisco.com/discussion/11666661/can-we-automatically-renegotiate-phase-2-sa-so-vpn-tunnel-stays-even-if-no

We are actually running ASA 9.1 and the remote peer is a Fortigate. Is there new fonction that has been introduce since the forum post above or does creating a sla is the only way to keep up IPsec tunnel.

Regards

Marvin Rhoads · ‎05-20-2014

Nothing new has been built into the ASA to accommodate this requirement.

I've also had good results a script running on an internal host to send a "tcp ping" to a remote host, thus making sure interesting traffic was present frequently enough to keep the tunnel up.

View solution in original post

Marvin Rhoads · ‎05-20-2014

Nothing new has been built into the ASA to accommodate this requirement.

I've also had good results a script running on an internal host to send a "tcp ping" to a remote host, thus making sure interesting traffic was present frequently enough to keep the tunnel up.

pidomudes · ‎05-21-2014

Thanks for your help