Many people use VPN technology today to ensure data confidentiality between remote locations. With a site-to-site VPN (say, between a router and a firewall), a common complaint among end users is an intermittent delay before VPN traffic gets through. This is usually because the Security Associations (SAs) have become too old and require a ‘VPN refresh’; while the VPN devices are refreshing the SAs, the user sits and waits.
A simple solution to this is to have the router generate traffic, simulating user traffic and keeping the VPN active.
We can do this with a Round Trip Responder (RTR):
config terminal
rtr 1
type echo protocol ipIcmpEcho <remote-LAN-ip> source-ipaddr <local-LAN-ip>
frequency 3600
rtr schedule 1 life forever start-time now
The preceding configuration makes a Cisco router generate ICMP echo traffic between the LANs through the VPN, keeping the SAs refreshed.
Short and sweet. We hope this helps.
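As an added example (not part of the original post), this Python sketch audits a saved router config for the keepalive probe described above and reports probes that will not keep the tunnel active. The sample config and its addresses are constructed, and the rule that a probe should fire more often than the configured IPsec SA lifetime is this example's assumption.

```python
import re

# Constructed sample config (not from the post); addresses are made up.
SAMPLE_CONFIG = """\
crypto ipsec security-association lifetime seconds 3600
rtr 1
 type echo protocol ipIcmpEcho 192.168.20.1 source-ipaddr 192.168.10.1
 frequency 3600
rtr schedule 1 life forever start-time now
rtr 2
 type echo protocol ipIcmpEcho 192.168.20.1
 frequency 300
"""

ECHO = re.compile(r"type echo protocol ipIcmpEcho (\S+)(?: source-ipaddr (\S+))?$")
LIFETIME = re.compile(r"crypto ipsec security-association lifetime seconds (\d+)$")

def _probe(probes, pid):
    return probes.setdefault(
        pid, {"dest": None, "source": None, "frequency": None, "scheduled": False})

def parse_config(text):
    """Return (SA lifetime in seconds or None, {probe_id: settings})."""
    lifetime, probes, current = None, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # an unindented line ends any 'rtr N' sub-mode
        if m := re.fullmatch(r"rtr (\d+)", line):
            current = _probe(probes, m.group(1))
        elif m := re.match(r"rtr schedule (\d+) ", line):
            _probe(probes, m.group(1))["scheduled"] = True
        elif m := LIFETIME.match(line):
            lifetime = int(m.group(1))
        elif current is not None and (m := ECHO.match(line)):
            current["dest"], current["source"] = m.groups()
        elif current is not None and (m := re.fullmatch(r"frequency (\d+)", line)):
            current["frequency"] = int(m.group(1))
    return lifetime, probes

def audit(text):
    """Return (probe_id, finding) pairs for probes unlikely to keep the SA fresh."""
    lifetime, probes = parse_config(text)
    findings = []
    for pid, p in sorted(probes.items()):
        if not p["scheduled"]:
            findings.append((pid, "not scheduled, so it never sends"))
        if p["dest"] and not p["source"]:
            findings.append((pid, "no source-ipaddr; echo may not match the VPN traffic selectors"))
        # Assumed rule of thumb: probe more often than the SA lifetime.
        if lifetime and p["frequency"] and p["frequency"] >= lifetime:
            findings.append((pid, f"frequency {p['frequency']}s >= SA lifetime {lifetime}s"))
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding for probe 1 (interval equal to the SA lifetime) and two for probe 2 (unscheduled, no source address).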