09-07-2018 04:49 AM
Hi all,
What happens when the idle timeout of Phase 2 runs out?
I thought that maybe Phase1 (Mgmt tunnel) would stay connected while IPSec SA would get torn down.
Then once traffic hits the VPN GW for the respective tunnel a new IPSec SA would get established.
On my ASA the idle timeout ran out, the tunnel got completely torn down, and even though there is no traffic, new SAs have been established!?
Is that correct?
Thanks for any help!
09-12-2018 07:38 AM
It sounds like you might be best to implement DPD:
https://community.cisco.com/t5/security-documents/dead-peer-detection/ta-p/3111324
Hope this helps
09-13-2018 12:43 AM
Hi Pete,
Thanks for your reply.
I think you pushed me in the right direction.
DPD is enabled for the respective tunnel, and thus after 10 sec of being idle the DPD feature sent a keepalive packet and the tunnel was newly set up. At least that's my understanding. Thus, even though there was no traffic, the tunnel was up again.
Thanks
Florian
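For readers checking the same behaviour on their own ASA, here is an added configuration excerpt showing where the two timers discussed in this thread live. It is not from the thread or from Cisco; the peer address 203.0.113.10, the tunnel-group name and the timer values are assumptions for illustration. The DPD keepalive interval is set under the tunnel-group's ipsec-attributes, while the idle timer is a group-policy attribute (in minutes); the show commands at the end are read-only and let you confirm which values are actually in effect.

```text
! Hypothetical ASA excerpt (added example, not configuration from the thread)
! DPD: after 10 s without traffic from the peer the ASA sends a keepalive,
! retrying every 2 s. A reachable peer answers, so the SA counts as live.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 isakmp keepalive threshold 10 retry 2
!
! Idle timer in minutes. The default group policy applies to an L2L tunnel
! unless a dedicated group-policy is attached to the tunnel-group.
group-policy DfltGrpPolicy attributes
 vpn-idle-timeout 30
!
! Verification (read-only): confirm the timers in effect and the SA state.
show running-config tunnel-group 203.0.113.10
show vpn-sessiondb detail l2l
show crypto ipsec sa
```

With DPD keepalives flowing every 10 seconds of silence, the ASA never observes the tunnel as idle, which is why the SAs came back without user traffic; disabling DPD (`isakmp keepalive disable`) or setting `vpn-idle-timeout none` are the two knobs that change that behaviour, and the show output above tells you which one is currently driving the tunnel's lifetime.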