Re: Initiate L2L IPSEC Tunnel on ASA

8pcallahan · ‎07-18-2008

Using ASA 5510s for L2L IPSEC tunnels with DSL connections between sites. These tunnels are for backup connectivity if the primary Metro connection goes down. As long as the Metro is up no traffic will flow across the IPSEC tunnels because there is no interesting traffic to initiate the tunnel.

Is there a way other than defining interesting traffic to keep the IPSEC tunnels up at all times?

I've set the VPN idle time out to none which should keep them up after they are initiated. I'd rather not have to pull my Metro connections to force the tunnels up and I don't want to wait for a Metro outage to ensure they are working.

Thanks!

Marwan ALshawi · ‎07-19-2008

if u want it up all time

use GRE over IPsec and use a routing protocol between ur VPN peers

in this case u gonna keep ur connection up

but if u have routing over ur metro

becare from makeing a conflect or ur the vpn being the prefered

good luck

rate if helps

srue · ‎07-19-2008

maybe this can help somehow.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml