cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
512
Views
5
Helpful
3
Replies

IPSEC tunnel questions

jolo07310
Level 5
Level 5

Hi all,

I have asa5510 ipsec tunnel to asa5505. I always need to ping another side to bring up the tunnel.

I assume the reason to cause that because there is no traffic at the tunnel. Is there anyway to have tunnel up all the time even though there is no traffic??

Thanks for help.

Ken

3 Replies 3

remi-reszka
Level 1
Level 1

Hi Ken,

Are you using site2site IPSec tunnels only? Or you are also using GRE?

Thanks,

Remi

Hi Remi,

I am using Site2Site IPSec tunnel only.

Thanks

Ken

Hi Ken,

Some time ago I was trying to resolve the same problem i.e. to keep the IPSec tunnel (no GRE) all the time up. All I found is the IPSec tunnel only come up when there is an interesting traffic coming into the tunnel. I counld't find anything that would send keep alives to keep the tunnel up.

There are few alternatives I guess, you can use GRE tunnels with IPSec in transport mode so it should keep it up all the time. The second alternative that I am using now is EZVPN server and remote in network extension mode. It all works great. With EZVPN the IPSec tunnel comes up straigth away and stays in QM_IDLE state even without intersting traffic flowing through it.

Hope it helps.

Remi

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: