We hava a VPN printer that our IBM AIX system sends print jobs to. Things do work Monday to Friday but not over the weekend. I have noticed that the tunnel do expire over the weekend due to lack of interesting traffic (the users do not work on weekends). When you issue a ping, the tunnel comes back up and the printer reply on the ping successfully. It seems like the printer alone can not generate interesting traffic. What can I do to make the tunnel stay up over the weekend? Thank you.
The valid time argument for IPsec security association timeout is from 60 Sec to 86400 Sec ( 24 Hours ) so I dont think even the Max Value would help you for the WeekEnd. I would say set up some CronJob script on one of the Machine to initiate a Connection every 8-12 Hours and increase the crypto Lifetime.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...