Note: Cisco ASA IPSec Tunnel Behaviour

This is my note about ASA IPsec Site-to-site behaviour that I found. The VPN tunnel is down when there is no traffic between the two site (A to B), even when you have configure it.

The solution is simple, just send a simple traffic such as ICMP ping to any private address in the other end, for instance


When the tunnel is required, it will be activated automatically.

To make sure you can issue this command to view the tunnel:

show isakmp sa


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s