Solved: VPN Tunnel goes down

shafhuss · ‎04-11-2018

Hi All,

We have configured Site to Site VPN between ASA and Palo Alto. Where ASA is the initiator. But the requirement is that we have traffic generation from Palo Alto end also. We have observed that tunnel goes down when there is no traffic from Initiator end. We have to call team at ASA end to generate some traffic so that we can also access resources behind ASA.

Please advise what should be done to keep the tunnel active to keep traffic flowing bidirectionally without any manually intervention, irrespective of ASA being initiator.

Thanks,

Shaf

GioGonza · ‎04-11-2018

Hello @shafhuss,

As @Mohammed al Baqari said, you have 2 options but I would recommend option number 2 since is better in the long run, here is a link if you want to implement it: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html

HTH

Gio

View solution in original post

Mohammed al Baqari · ‎04-11-2018

On ASA, you can configure group-policy to disable idle timeout. Not
recommended but doable. You can configure sla operation on ASA to keep
sending traffic as alternative.

GioGonza · ‎04-11-2018

Hello @shafhuss,

As @Mohammed al Baqari said, you have 2 options but I would recommend option number 2 since is better in the long run, here is a link if you want to implement it: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118087-technote-asa-00.html

HTH

Gio