Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5522
Views
20
Helpful
4
Replies

Keep a VPN tunnel on ASA

Go to solution
yamikani2g2
Level 1
Level 1

‎01-28-2019 07:23 AM

Good day experts,

 

Could someone please explain in detail how i will keep a VPN tunnel up between My ASA and Amazon cloud services.

I have been trying to explain to my team members that we need a constant flow of interesting traffic but issue is Amazon cloud can not source the traffic neither can the third party client source it.

 

We find the tunnel down and we have to ask the third party client to ping amazon cloud that done the tunnel comes up is there a way we can keep the tunnel up? ?IP SLA?

 

Thanks in advance

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
4 Replies 4

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎01-28-2019 07:35 AM

IP SLA is an efficient way of doing it to keep the tunnel IP. You can also
configure alerting on SLA failures based on syslog messages to send an alarm
0 Helpful

Go to solution
Michael Braun
Level 1
Level 1

‎11-20-2020 04:38 PM

Hi all,

i know this is an old post, but get this:

###### = comment

## in config mode ##

event manager applet PingHost ###> PingHost is the applet name
event timer watchdog time 300 ###> i set it to repeat every 5 min
action 1 cli command "ping inside 10.4.121.112 repeat 2" ###> ping my host on the other side of the VPN
action 2 cli command "ping inside 10.4.121.121 repeat 2" ###> ping my second host on the other side of the VPN

output none ###> you could add like a syslog entry, in my case nothing

## add more if you want  - of course change the IP to the host you try to reach @##

## you need the " at the end ##

## This will send a periodic ping with source from the inside interface to a destination of your choice - thus bringing up the tunnel ##

 

Go to solution
Rob Slean
Level 1
Level 1
In response to Michael Braun

‎03-03-2021 08:26 PM - edited ‎03-03-2021 08:27 PM

Michael, this is an amazing solution.

 

One thing to add, in order for this to work make sure you have the "management-access inside" command entered as well.

 

 

Customers Also Viewed These Support Documents