Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Remote Access VPN client, cant connect until ping from server

I am having an issue where we our remote vpn users from our sister company cant connect to certain servers unless the server pings their address first. AFter it pings them, they can connect. Not sure what to look for..any suggestions?

thanks

2 REPLIES
New Member

Re: Remote Access VPN client, cant connect until ping from serve

on the asa at sister company there is a setting vpn-idle-timeout 30

Does this mean with no activity from the other end it drops communication with that device? The vpn session itself doesnt drop just it connection with a particular server...thanks

Bronze

Re: Remote Access VPN client, cant connect until ping from serve

Sounds like a typical Phase 2 SA negotiation. It's typical to see 1 unsuccessful ping while the Phase 2 SA is built.

In regards to the vpn-idle-timeout..

With DPD keepalives enabled, the tunnel will be deleted if DPD packets are exchanged for 30 minutes.

Without DPD keepalives enabled, the tunnel will be deleted if no encaps/decaps are sent/received within 30 minutes.

237
Views
0
Helpful
2
Replies