Thanx. That's actually not a bad idea! :-)

Just curious... are there no settings in the PIX itself that keeps the tunnel alive 24/7? No timeout settings one can fiddle around with to make this happen?

I would think that such a setting would be very well received by the industry, since more and more people are using VPN's to connect different offices together and demand a permanent connection that doesn't timeout. Especially now since most companies are using broadband connections with unlimited download/upload and 24/7 connectivity.

The tunnels automatically renegotiate if needed. If there is no traffic, they are not kept up. They don't timeout - if there is a need to keep them up, they are.

So much I have gathered. My problem however is that my client uses IBM AS/400 Client Access Mananger to connect to a AS/400 machine via the VPN tunnel. What happens is that the tunnel disconnects when the Client Access Manager hasn't been in use for some time, which results in a logout on the Client Access Manager. The customer must then restart the Client Access Manager and login again. It's a bit annoying for them.

This is why I ask if there is any way one can keep the tunnel permanently up 24/7... in the shape or form of a setting on the PIX itself

Anybody?

If it cannot be done on the PIX itself, I will just have to enable some service (NTP or such) to poll at certain intervals. I would however like this to be the last resort to solving my problem.

Thanx in advance! :-)

Hi, what the previous post said is true, but I was wondering - Isn't there a time out setting for the Client Access Manager on the AS/400 (I'm not a AS/400 expert), if there is one, surely you could set the time out to '0' or something so that it never times out and hence your client doesn't lose the connection!!

Just a thought - Thanks --

Hi and thanx for the replies so far. :-)

The real problem is that the AS/400 software doens't really time out.... it just doesn't send any form of traffic while logged in and in idle usage. Either that or it sends "keep-alives" at a higher interval then what the VPN tunnel disconnect-settings. So the VPN sees that no traffic is being passed over the tunnel and disconnects after a while. Only when one starts using the AS/400 software again will the tunnel be re-established, but not fast enough for the software client to think it is still connected.

According to my AS/400 expert here at my company, there is no timeout functions to be set on either side. Still find that hard to believe myself, but then again... I am not an AS/400 expert either.

But I guess my solutions is to install a schedule on the remote site PC, which will ping the AS/400 every 10'th minute or so... just to keep the connection up while the PC that is running the AS/400 Client software is turned on.

Would have been nice to have a setting in the PIX that would prevent any shape or form of disconnection of the VPN tunnel, so it truely would be up 24/7. :-)

Hi Stefen,

I'm sure you can there is a function for the timeout, try this forum (you'll need to register):

http://groups.google.com/groups?lr=&safe=off&group=it.comp.as400

Also, as previously said - your VPN is connected and is not disconnected as it will ONLY come to play when there's 'intresting traffic' to transmit accross.

Hope this helps -