Skip to main content

VPN Tunnel Wake Up.

More
16 years 6 months ago #25766 by caelwind
VPN Tunnel Wake Up. was created by caelwind
I just setup a site to site ipsec VPN tunnel to a client site. After a while of no traffic (overnight) I have to bring the tunnel up again by creating traffic on my side. Is there a way to let the traffic from the client side to bring up the tunnel?

Thanks,
Caelwind
More
16 years 6 months ago #25767 by Elohim
Replied by Elohim on topic Re: VPN Tunnel Wake Up.
Either side can bring up the tunnel. Set up something to send ping across.

I just setup a site to site ipsec VPN tunnel to a client site. After a while of no traffic (overnight) I have to bring the tunnel up again by creating traffic on my side. Is there a way to let the traffic from the client side to bring up the tunnel?

Thanks,
Caelwind

More
16 years 6 months ago #25772 by Chris
Replied by Chris on topic Re: VPN Tunnel Wake Up.
caelwind,

As Elohim mentioned, either side can bring the tunnel up if both sides are using Static IP Addresses. If the client side is using dynamic IP addressing, then only the central site can bring up the IPSec tunnel.


Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
16 years 6 months ago #25773 by skylimit
Replied by skylimit on topic Re: VPN Tunnel Wake Up.

caelwind,

As Elohim mentioned, either side can bring the tunnel up if both sides are using Static IP Addresses. If the client side is using dynamic IP addressing, then only the central site can bring up the IPSec tunnel.


Cheers,


Hi Chris,

Just out of curiousity, is there a command or a way to bring the tunnel linking the two sites up assuming both ends are using a static IP. i.e. apart from manually pinging the tunnel end IP.

Many thanks

"...you are never too old to learn" anon
More
16 years 6 months ago #25776 by Chris
Replied by Chris on topic Re: VPN Tunnel Wake Up.
skylimit,

To the best of my knowledge, I don't think there is. Each IPSec tunnel has a specific lifetime value specified by the crypto map command " set security-association lifetime seconds 86400 " , once this timer is up, the tunnel will go down.

Either case, if you've configured the tunnel correctly, it should come back up immediately after the first packet has gone through, assuming you've got static IP addresses on both ends.

If someone else knows of a command to keep a tunnel up with only one end being a public static IP address , it would be great to hear it!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
More
16 years 6 months ago #25783 by skylimit
Replied by skylimit on topic Re: VPN Tunnel Wake Up.
Thanks Chris.

"...you are never too old to learn" anon
Time to create page: 0.148 seconds