Many people use VPN technology today to ensure data confidentiality between remote locations. With a site-to-site VPN (say, between a router and a firewall), a common complaint among end users is an intermittent delay before VPN traffic succeeds. This is usually because the Security Associations (SAs) have become too old and require a 'VPN refresh'; while the VPN devices refresh the SAs, the user sits and waits.

A simple solution to this is to have the router generate traffic, simulating user traffic and keeping the VPN active.

We can do this with a Round Trip Responder (RTR):

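config terminal
! Probe 1: ICMP echo to a host on the remote LAN, sourced from this router's LAN address
! (both addresses are placeholders; substitute your own)
rtr 1
 type echo protocol ipIcmpEcho <remote-LAN-IP> source-ipaddr <local-LAN-IP>
 ! Send one probe every 3600 seconds
 frequency 3600
! Start the probe now and keep it running indefinitely
rtr schedule 1 life forever start-time now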


The preceding configuration makes a Cisco router generate ICMP echo traffic between the LANs through the VPN, keeping the SAs refreshed.

Short and sweet.  We hope this helps.
