Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.
During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.
We apologize for the inconvenience while we perform important updates to the Community.
I have a dynamic to static pix 501 to pix 501 os 6.3 configuration. I would like to use keepalives to re-establish the tunnel in case the tunnel goes down. Can this be done?
Solved! Go to Solution.
You can use dead peer detection to ensure the tunnel doesn't go down...but I don't think that will bring it back up if it goes down.
isakmp keepalive 10
it doesn't bring it back up. i'm trying to prepare for the unavoidable power or internet outage that would bring the connection down. i would like the static location to reconnect without effort from the customer on that end. :)
that's a good idea. a ping will bring it up. some type of ping utility would also work. i was just looking for a solution on the firewall.
unfortunately the way this has worked out, the static pix is at the remote site. that could be changed but it would be easier to work around it.
sorry, i'm kinda slow. a syslog service on the remote computer with the main office (dynamic pic) logging to the remote syslog should work. Think?
Ya, same difference. As long as the computer has data to send. I was confused before which end was dynamic. What I should have said, since your main end is dynamic, is to have your pix or a computer syslog or ntp to something at the remote site.
EasyVPN was built for this - dynamic IP remote VPN endpoints to static head end.
Why involve more points of failure to the mix when you can have the firewalls take care of the tunnel.
Just my 2cents.