04-11-2018 12:02 AM - edited 03-12-2019 05:11 AM
Hi All,
We have configured Site to Site VPN between ASA and Palo Alto. Where ASA is the initiator. But the requirement is that we have traffic generation from Palo Alto end also. We have observed that tunnel goes down when there is no traffic from Initiator end. We have to call team at ASA end to generate some traffic so that we can also access resources behind ASA.
Please advise what should be done to keep the tunnel active to keep traffic flowing bidirectionally without any manually intervention, irrespective of ASA being initiator.
Thanks,
Shaf
Solved! Go to Solution.
04-11-2018 07:31 AM
Hello @shafhuss,
As @Mohammed al Baqari said, you have 2 options but I would recommend option number 2 since is better in the long run, here is a link if you want to implement it: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html
HTH
Gio
04-11-2018 12:58 AM
04-11-2018 07:31 AM
Hello @shafhuss,
As @Mohammed al Baqari said, you have 2 options but I would recommend option number 2 since is better in the long run, here is a link if you want to implement it: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html
HTH
Gio
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide