Here's my situation. I have two sites that each have asa 5505's and each have dual ISP's. Currently I'm using sla monitor to failover to the secondary line when there is a detected outage. After this sla failover occurs which seems to be instant, secondary ISP re-establishes the VPN. This process takes about 30 seconds. My thought is that the side which is healthy does not detect the outage due to a preset amount of timeouts and thats where this 30 second delay comes in to re-negotiate the VPN tunnel.
So my question is: can I create a smaller window of time to heartbeat between the two so that the VPN outagage is detected in around 5-10 seconds and thus re-negotiates with the sister sites IP faster?
thanks for the help. yeah they were set on 20 seconds so perhaps lowering this will do the trick. it looks like the tunnel-group keepalives default is 10 seconds with a 2 second retry because when I inputed this it didn't appear in my running config. Is that correct?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...