Have to ping server through VPN to establish connection

Unanswered Question
Jul 15th, 2009

We have a site-to-site VPN connection between two ASA 5520s which works great for most things, but we have a few servers on each end that we have to ping to establish a connection. Currently we have a batch file written to ping every 10-15 min to keep the connection established between those servers. Any suggestions on where to start looking? Thanks

Ivan Martinon Tue, 07/21/2009 - 08:00

It would be normal to have the tunnel come up with pings or any other traffic if this tunnel was never up before. Now, in your case, the obligatory question is: are these servers part of the same network that brings up the tunnel in the first place? If they are not part of the same tunnel or SA that is created when the LAN-to-LAN is created, and instead they have their own separate SA, it would be "normal" to have to establish this SA; pings would be one way to do it, but any traffic should do it. Now, if your application is very sensitive and no packets can be lost, then it would be normal too to have pings bring it up.

I would first make sure that both servers are part of the original SA definition of the LAN-to-LAN, and then start to see what errors come up on the VPN endpoints when no ping is run and instead the server's application is executed.
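Added example, not part of the original thread: one way to run the check suggested above, by testing whether a server-to-server flow matches the same crypto ACL entry as the traffic that normally brings the tunnel up (on the ASA each permit entry negotiates its own IPsec SA pair). The ACL name, addresses and function names are constructed for illustration, and only `extended permit|deny ip` lines with `host`, `any` or network/mask operands are handled.

```python
import ipaddress

# Constructed sample crypto ACL in ASA syntax; name and addresses are made up.
SAMPLE_ACL = """\
access-list L2L_CRYPTO extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip host 10.1.50.10 host 10.2.60.20
access-list L2L_CRYPTO extended deny ip any any
"""

def _take(tokens):
    """Consume one address spec ('host A', 'any', or 'NET MASK') from tokens."""
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    if tokens[0] in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_crypto_acl(text):
    """Return [(line_no, action, src_net, dst_net)] for each 'ip' ACE."""
    aces = []
    for n, line in enumerate(text.splitlines(), 1):
        t = line.split()
        if (len(t) < 7 or t[0] != "access-list" or t[2] != "extended"
                or t[3] not in ("permit", "deny") or t[4] != "ip"):
            continue  # remarks, object-groups, other protocols: not handled
        src, rest = _take(t[5:])
        dst, _ = _take(rest)
        aces.append((n, t[3], src, dst))
    return aces

def matching_ace(aces, src_ip, dst_ip):
    """Line number of the first-match permit ACE, or None if not encrypted."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for n, action, src, dst in aces:
        if s in src and d in dst:
            return n if action == "permit" else None
    return None

def shares_sa(aces, flow_a, flow_b):
    """True when both flows fall under the same permit ACE (same SA pair)."""
    a, b = matching_ace(aces, *flow_a), matching_ace(aces, *flow_b)
    return a is not None and a == b

if __name__ == "__main__":
    aces = parse_crypto_acl(SAMPLE_ACL)
    # General LAN traffic vs. the server pair that needs the keepalive ping.
    print(shares_sa(aces, ("10.1.0.5", "10.2.0.9"), ("10.1.50.10", "10.2.60.20")))
```

If the server pair lands on a different entry than the rest of the LAN-to-LAN traffic, it has its own SA that is negotiated only when traffic between those hosts appears.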

