Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Site to Site VPN Tunnel----Keeping tunnel up

hi everyone,

I have config Site to Site VPN tunnel at home lab for learning purposes.

Tunnel is build up and working fine.

Here is setup below

R1--ASA1  -----R2-----R3------ASA2  -----R4

Local Network on ASA1 is 10.0.0./24

Local network on ASA2 is 10.2.0.0/24

What i found is tunnel only build up when i ping from R4 to R1 or vice versa.

After some time then there is no interesting traffic tunnel  goes away?

IS there any config that i can do so that tunnel remains up up?

Regards

MAhesh

1 ACCEPTED SOLUTION

Accepted Solutions
Super Bronze

Site to Site VPN Tunnel----Keeping tunnel up

Hi Mahesh,

You could try to configure a "group-policy" for the L2L VPN and try setting the "vpn-idle-timeout none" and see if that helps

For example

group-policy L2LVPN internal

group-policy L2LVPN attributes

vpn-idle-timeout none

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x general-attributes

default-group-policy L2LVPN

- Jouni

3 REPLIES
Super Bronze

Site to Site VPN Tunnel----Keeping tunnel up

Hi Mahesh,

You could try to configure a "group-policy" for the L2L VPN and try setting the "vpn-idle-timeout none" and see if that helps

For example

group-policy L2LVPN internal

group-policy L2LVPN attributes

vpn-idle-timeout none

tunnel-group x.x.x.x type ipsec-l2l

tunnel-group x.x.x.x general-attributes

default-group-policy L2LVPN

- Jouni

New Member

Site to Site VPN Tunnel----Keeping tunnel up

Hi Jouni,

Thats done.

Will see hot it goes.

Best regards

MAhesh

New Member

Site to Site VPN Tunnel----Keeping tunnel up

Hi Joini,

I tested tunnel stays up even without interesting traffic.

Regards

Mahesh

155
Views
0
Helpful
3
Replies
CreatePlease to create content