Remote Access VPN client, cant connect until ping from server

Unanswered Question
Oct 22nd, 2009

I am having an issue where we our remote vpn users from our sister company cant connect to certain servers unless the server pings their address first. AFter it pings them, they can connect. Not sure what to look for..any suggestions?

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gmtimmons Thu, 10/22/2009 - 08:35

on the asa at sister company there is a setting vpn-idle-timeout 30

Does this mean with no activity from the other end it drops communication with that device? The vpn session itself doesnt drop just it connection with a particular server...thanks

Patrick0711 Thu, 10/22/2009 - 17:42

Sounds like a typical Phase 2 SA negotiation. It's typical to see 1 unsuccessful ping while the Phase 2 SA is built.

In regards to the vpn-idle-timeout..

With DPD keepalives enabled, the tunnel will be deleted if DPD packets are exchanged for 30 minutes.

Without DPD keepalives enabled, the tunnel will be deleted if no encaps/decaps are sent/received within 30 minutes.

Actions

This Discussion