 Eric_T
join:2004-03-22 Belgium
reply to adiinfo Re: VPN reconnect
In my experience with similar issues (since then resolved in my setup thanks to some firmware upgrades) you can make the central Z-50 "realise" that there is something wrong with the tunnel by sending some traffic through it.
That doesn't help you much if you're at the remote end trying to re-establish the tunnel, but if there's a server at the central site and if the VPNs are supposed to be up 24*7 then a simple ping script can perform miracles...
We used WhatsUp Gold from Ipswitch (www.ipswitch.com) to verify which networks & hosts were up and found that it would (eventually) make our Z10W realise a tunnel was down & then re-establish it.
 maxusa Premium join:2004-05-05 USA
2 edits
Ping script is a good way to trigger the chk_conn timer. The input idle timer is supposed to help when no outbound traffic is expected (cannot use chk_conn). Therefore, a combination of both timers on the router shall provide the desired result. Pair this with the other endpoint fine-tuning.
The real-world evidence, however, suggests that IPsec interruptions (and loss of service) are inevitable. Our job is to minimize downtime to acceptable levels.