Dynamic-to-Static L2L IPSec VPN

Answered Question
Jun 15th, 2010

Hi,

I've implemented a Dynamic to Static Site-to-Site IPSec VPN between a branch office (vessel) ASA5505 and the headquarters. Now, this solution doesn't allow the HQ to initiate the IPsec connection. 

There is a router behind the ASA5505. I heard that if I want to keep the tunnel up, so that HQ clients can initiate traffic to remote clients through the tunnel, I'd need to run IP SLA ICMP probes on the router behind the ASA.

Could someone explain how to implement it?

Thanks for your help.

Frank

Correct Answer
Jennifer Halim Thu, 06/17/2010 - 09:45
User Badges: Cisco Employee

The ICMP probe can be done through any device that is capable of doing ping, not only from the router.

The reason is that as long as there is interesting traffic that triggers the traffic to be encrypted through the VPN tunnel, the tunnel will stay up; therefore, you will be able to initiate connections from HQ towards your remote site.


Hope that helps.
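
An IP SLA probe of the kind asked about, as an added example that is not part of the original thread: it assumes the router behind the ASA runs an IOS release with the `ip sla` syntax, and the target address and interface name are placeholders. The probe only keeps the tunnel up if its source and destination both fall inside the networks matched by the crypto ACL, otherwise it is not interesting traffic.

```cisco
! Router behind the branch ASA 5505 (example config, not from the thread).
! Placeholders (constructed):
!   10.20.0.10       always-on host on the HQ LAN, inside the crypto ACL
!                    destination network
!   FastEthernet0/0  router interface addressed from the branch subnet that
!                    the ASA's crypto ACL protects
!
ip sla 10
 ! Source the ping from the protected subnet so the ASA encrypts it
 icmp-echo 10.20.0.10 source-interface FastEthernet0/0
 ! Wait up to 2000 ms for the echo reply
 timeout 2000
 ! Send one probe every 30 seconds
 frequency 30
!
! Run the probe indefinitely, starting immediately
ip sla schedule 10 life forever start-time now
!
! Verify on the router that probes are succeeding:
!   show ip sla statistics 10
!
! Verify on the ASA that the SAs exist and the encrypt/decrypt
! packet counters are increasing:
!   show crypto isakmp sa
!   show crypto ipsec sa
```

If `show ip sla statistics` reports failures while the ASA shows no IPsec SA, check that the probe's source address is not outside the crypto ACL or being translated before encryption.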

fntowo2009 Thu, 06/17/2010 - 11:16
Halijenn,
Thanks for your feedback.
Regards,
Francois
