When there is no traffic traversing the tunnel, the tunnel will go down after it times out.
You can select an arbitrary private /30 network, and configure the IP addresses to the Tunnel Interfaces at the end of both tunnels.
IP on Tunnel Interface Endpoint A:
IP on Tunnel Interface Endpoint Z
If one of the two endpoints is the tunnel initiator, go to that endpoint. Select (Network> IPSec Tunnels: <Your Tunnel>)
(If the initiator was "Endpoint A" in our example...)
Once opened, mark the checkbox for "Tunnel Monitor". Enter the IP address of Endpoint Z. You can leave the Profile on None.
This will cause ICMP packets to be sent every few seconds, thus maintaining the tunnel up at all times.
You don't need to configure Tunnel Monitor at both ends, unless you need it. In some cases configuring it at both ends can cause the tunnel to flap.
I understand the frustration. I had the exact same problem. It was only occurring on one tunnel and not the others. Its like the others are saying, the tunnel is "dying" because there isn't any traffic traversing it so it times out. Why it can't renegotiate after the timeout and come back up is beyond me. The cure is to keep it from dying and tunnel monitoring should resolve that. It will need to rekey once in a while but that should be transparent and nobody should notice any interruption in the tunnel. Also, if phase 1 is going down, but phase 2 is up...your traffic should still be able to cross the tunnel. Phase 1 sets up the agreements needed for phase 2. Phase 2 is used to determine encryption parameters for bulk data encryption. Phase 2 is the important phase, although phase 2 doesn't exist without phase 1. I hope this helps a little.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!