I have 2 PIX firewall at a clients place that are running a site-site VPN tunnel between them. What I am looking for is how to set the tunnel to never disconnect between the 2 sites. What values and/or commands do I need to perform to make this happen?
Just curious... are there no settings in the PIX itself that keeps the tunnel alive 24/7? No timeout settings one can fiddle around with to make this happen?
I would think that such a setting would be very well received by the industry, since more and more people are using VPN's to connect different offices together and demand a permanent connection that doesn't timeout. Especially now since most companies are using broadband connections with unlimited download/upload and 24/7 connectivity.
So much I have gathered. My problem however is that my client uses IBM AS/400 Client Access Mananger to connect to a AS/400 machine via the VPN tunnel. What happens is that the tunnel disconnects when the Client Access Manager hasn't been in use for some time, which results in a logout on the Client Access Manager. The customer must then restart the Client Access Manager and login again. It's a bit annoying for them.
This is why I ask if there is any way one can keep the tunnel permanently up 24/7... in the shape or form of a setting on the PIX itself
If it cannot be done on the PIX itself, I will just have to enable some service (NTP or such) to poll at certain intervals. I would however like this to be the last resort to solving my problem.
Hi, what the previous post said is true, but I was wondering - Isn't there a time out setting for the Client Access Manager on the AS/400 (I'm not a AS/400 expert), if there is one, surely you could set the time out to '0' or something so that it never times out and hence your client doesn't lose the connection!!
The real problem is that the AS/400 software doens't really time out.... it just doesn't send any form of traffic while logged in and in idle usage. Either that or it sends "keep-alives" at a higher interval then what the VPN tunnel disconnect-settings. So the VPN sees that no traffic is being passed over the tunnel and disconnects after a while. Only when one starts using the AS/400 software again will the tunnel be re-established, but not fast enough for the software client to think it is still connected.
According to my AS/400 expert here at my company, there is no timeout functions to be set on either side. Still find that hard to believe myself, but then again... I am not an AS/400 expert either.
But I guess my solutions is to install a schedule on the remote site PC, which will ping the AS/400 every 10'th minute or so... just to keep the connection up while the PC that is running the AS/400 Client software is turned on.
Would have been nice to have a setting in the PIX that would prevent any shape or form of disconnection of the VPN tunnel, so it truely would be up 24/7. :-)
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...