How can I make my ISAKMP keepalive connection get monitored mor aggessively? Sometimes the tunnel will go down and not come back for a while unless I manually force it? It's a Cisco 1811 to a cisco ASA.
Take a look at "periodic DPD" which allows you to establish a retry interval, and is not dependent on waiting until there is traffic to be sent through the tunnel.
IOS e.g.: crypto isakmp keepalive 30 10 periodic
Peers would exchange messages every 30 seconds. If a message was not received when it was expected (30 sec. since the last received), it can query the far side. If three queries go unanswered, SAs will be cleared from the SADB.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...