10-22-2009 04:34 AM - edited 02-21-2020 03:45 AM
I am having an issue where our remote VPN users from our sister company can't connect to certain servers unless the server pings their address first. After it pings them, they can connect. Not sure what to look for. Any suggestions?
thanks
10-22-2009 08:35 AM
On the ASA at the sister company there is a setting vpn-idle-timeout 30.
Does this mean that with no activity from the other end it drops communication with that device? The VPN session itself doesn't drop, just its connection with a particular server. Thanks
10-22-2009 05:42 PM
Sounds like a typical Phase 2 SA negotiation. It's typical to see 1 unsuccessful ping while the Phase 2 SA is built.
In regard to the vpn-idle-timeout:
With DPD keepalives enabled, the tunnel will be deleted if DPD packets are exchanged for 30 minutes.
Without DPD keepalives enabled, the tunnel will be deleted if no encaps/decaps are sent/received within 30 minutes.