I have a PIX 515 and VPN3015 site-to-site tunnel setup. I was told by a Cisco tech. that I have to ping the other end of the tunnel in order for the tunel to be estashblished. If either my PIX or VPN concentrator are rebooted does the ping have to occur each time. I would expect the tunnel to re-establish automatically since if it is the middle of the night I don't want to have to login and run ping.
tunnels should reestablish automatically provided there is traffic that will force the devices to negotiate them.
there is a risk if one device is rebooted, that the other will think its side of the tunnel is still up for awhile. this can occur if the data limit and key lifetimes are high (if these settings are high, then the devices do not renegotiate these settings all that often). if you expect to have unstable devices, you may want to reduce these values
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...