Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
537
Views
0
Helpful
2
Replies

Remote Access VPN client, cant connect until ping from server

gmtimmons
Level 1
Level 1

‎10-22-2009 04:34 AM - edited ‎02-21-2020 03:45 AM

I am having an issue where we our remote vpn users from our sister company cant connect to certain servers unless the server pings their address first. AFter it pings them, they can connect. Not sure what to look for..any suggestions?

thanks

0 Helpful
2 Replies 2

gmtimmons
Level 1
Level 1

‎10-22-2009 08:35 AM

on the asa at sister company there is a setting vpn-idle-timeout 30

Does this mean with no activity from the other end it drops communication with that device? The vpn session itself doesnt drop just it connection with a particular server...thanks

0 Helpful

Patrick0711
Level 3
Level 3

‎10-22-2009 05:42 PM

Sounds like a typical Phase 2 SA negotiation. It's typical to see 1 unsuccessful ping while the Phase 2 SA is built.

In regards to the vpn-idle-timeout..

With DPD keepalives enabled, the tunnel will be deleted if DPD packets are exchanged for 30 minutes.

Without DPD keepalives enabled, the tunnel will be deleted if no encaps/decaps are sent/received within 30 minutes.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card