03-04-2022 08:12 AM
What is the risk associated with increasing the idle timeout value for IPsec site to site VPN or disabling the idle timeout for IPsec site to site VPN.
03-04-2022 08:32 AM - edited 03-04-2022 08:37 AM
@Pawan Raut you'd probably want to ensure the same value is configured on both ends to ensure there is no mismatched timers. Alternatively use a VTI, the tunnel will always be up.
03-04-2022 08:55 AM
Even so idle timeout is increase, still there is isakmp time which make borh peer re establish tunnel after defualt 24 hr.
Idle timeout use with dpd where the dpd have two criteria to work
1-idle timeout is end
2- the rourer need to send traffic to other peer.
When idle is high then dpd not work probably.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide