I gonna configure ipsec tunnel between to sites. I want that tunnel remain up almost all the time. For this if i configure "crypto ipsec security-association idle-time" to its maximum value, is there any issue doing this. Means i want to not, if it has any disadvange. Will it kill my router resources? As you know when ipsec tunnel come up, it drops few packets and also add delay in communication that i want to mitigate. Need your comments please.
I have a quick question. I have an ipsec tunnel between a pix515 and pix501 and have encounter this many times where the tunnel gets torn down after so many minutes (idle time).
Does the crypto isakmp keepalive need to be configured on both devices or just the side initiating the vpn connect (in this case the pix501 is at our remote site and the pix515 is at our corporate office).
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...