Saturday, February 20, 2021

AWS VPN to ASA (9.8 code): AWS side can't bring up tunnel

I have an ASA running 9.8 code and an IPsec tunnel with AWS. The issue is that the server on the AWS side can't "bring up the tunnel" with pings. I can bring up the tunnel with a ping; it stays up for the typical 30 minutes with no traffic, then down the tunnel goes. I have zero errors on my side in my logs.

Naturally, if I keep a constant ping going, the tunnel stays up, since the 30-minute idle timeout is never reached. But doing pings every 15 minutes via an SLA monitor isn't a real solution. I need the AWS side to have the ability to bring up the tunnel, since they are "pushing" data to me.

What is the AWS VPN side missing? Is it something in their phase 1 crypto map that defines interesting traffic? Once phase 1 is done, the tunnel is up and traffic flows both ways.

I saw some older posts about similar issues, but those were 2-3 years ago; surely much has changed since then?
