IPSec tunnel up time

mixig · May 15, 2012, 3:28pm

Hi,

I am having central site with PBX and remote offices with IP phones (there are also IP telephony on central site but that is not important for this story ), i will configured ipsec between remote offices and central location. Remote offices are on dynamic ip addresses while central location is on static ip. I will handle that dynamic ip addresses with scripts. Problem is with ip phones on remote locations.. the ipsec tunnel must be always up because of telephony. I read on forum that solution for ipsec to be always up is the netwatch (onj mikrotik). I need the information for how long will ipsec between two mikrotiks will be up without passing interesting traffic through that ipsec tunnel. Or if you want.. what time do I need to put in netwatch to ping some ip on other side of tunnel?

Key is that tunnel must be 100% of the time UP.

Thanks…

mixig · May 16, 2012, 10:20am

Anybody??

miro1 · May 16, 2012, 10:27am

I have the same problem, please anybody help…

mrz · May 17, 2012, 10:41am

tunnel wil be valid until SA expires. SA expires after configured lifetime in ipsec settings.

mixig · May 17, 2012, 12:24pm

Hi,
if I understand the tunnel will be up without any traffic for lifetime period (default 1day)? with that.. i dont need to generate some addititonal traffic for keeping my ipsec tunnel up? (e.g. like netwatch)
On cisco routers if there is no interesting traffic tunnel wil be dead after 5 min (no matter what is configured in lifetime)..