Knowledgebase: VPN and Remote Access
Using the “Enable Ping to Keep IPsec Tunnel alive” option
Posted by Roy Panetta on 11 April 2016 01:48 PM

Incorrect use of the “Ping to Keep IPsec Tunnel alive” settings will cause frequent VPN disconnections. This article explains when this option should be used and will help you to trouble shoot if you have used this option to try maintaining a VPN tunnel.

Picture-1

Do we need to use this Option?

No, generally we do not need to use it. Enabling “PING to keep IPsec tunnel alive” uses ping to detect whether the IPsec VPN tunnel is alive or not. When the ping target IP does not respond to ping request, the Vigor router  will regard this IPsec tunnel as dead and will disconnect and reconnect the VPN tunnel repeatedly (about every 20 seconds). VPN devices nowadays, including all Vigor VPN routers, are using Dead Peer Detection to detect the liveness of IPsec tunnel, so we don't suggest using this option.


When to use this Option


This option could be used in the following cases:

  •          See frequent VPN disconnections due to DPD timeout in Syslog
  •          Want to generate traffics over IPsec tunnel from Vigor Router


When using this option, ensure that:

  •          The Ping target IP should be an IP in remote VPN network
  •          The Ping target IP can respond to Ping
  •          Do Not use remote VPN router's LAN IP as the Ping target IP

 

 

(2 vote(s))
Helpful
Not helpful

Comments (0)