Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
608
Views
15
Helpful
2
Replies

Ipsec L2L VPN Idle timeout

Pawan Raut
Level 4
Level 4

‎03-04-2022 08:12 AM

What is the risk associated with increasing the idle timeout value for IPsec site to site VPN or disabling the idle timeout for IPsec site to site VPN.

Labels:
2 Replies 2

Rob Ingram
VIP
VIP

‎03-04-2022 08:32 AM - edited ‎03-04-2022 08:37 AM

@Pawan Raut you'd probably want to ensure the same value is configured on both ends to ensure there is no mismatched timers. Alternatively use a VTI, the tunnel will always be up.

MHM Cisco World
VIP
VIP

‎03-04-2022 08:55 AM

Even so idle timeout is increase, still there is isakmp time which make borh peer re establish tunnel after defualt 24 hr.

Idle timeout use with dpd where the dpd have two criteria  to work

1-idle timeout is end

2- the rourer need to send traffic  to other peer.

When idle is high then dpd not work probably.

Customers Also Viewed These Support Documents