Tuesday, May 19, 2020

"Always UP" IPsec tunnel between Cisco and Fortigate

Hi,

I have an issue trying to keep an IPsec tunnel session alive.

There is an IPsec tunnel configured between a FortiGate and a Cisco IOS device. The FortiGate acts as the dialup IPsec VPN server, the Cisco as the client. The Cisco router must initiate the IKEv2 session to bring up this tunnel. The problem is that usually the Cisco device won't send any traffic, so the tunnel goes down after the lifetime expires. I need a solution to keep this tunnel always up.

I've tried configuring DPD with no success ("dpd 10 2 periodic" under the IKEv2 profile on the Cisco, and the "On Demand" setting on the FortiGate).

It is possible to configure IP SLA on the Cisco router to ping something on the other end of the tunnel, but this type of configuration doesn't seem right.

Any ideas?

Thanks
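The IP SLA approach mentioned in the post, written out as an added example that is not the poster's own configuration: a periodic ICMP probe sourced from the router's LAN-side address so that the echo traffic matches the tunnel's traffic selector and keeps the SA in use. The addresses 10.0.0.1 (a host behind the FortiGate) and 192.168.1.1 (the router's LAN address) are placeholders, and the optional track object only exposes the probe result for monitoring.

```cisco
! Added example, not the poster's configuration. Placeholder addresses:
!   10.0.0.1    = a host on the FortiGate side, reachable only through the tunnel
!   192.168.1.1 = the router's LAN-side address inside the tunnel's traffic selector
ip sla 10
 icmp-echo 10.0.0.1 source-ip 192.168.1.1
 frequency 30
 timeout 2000
! Run the probe continuously so the tunnel never sits idle past its lifetime
ip sla schedule 10 life forever start-time now
!
! Optional: track reachability so a failed tunnel is visible in syslog / show track
track 10 ip sla 10 reachability
```

Check with "show ip sla statistics 10" and "show crypto ikev2 sa" that the probe succeeds and the IKEv2 SA stays established across a rekey.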


