My VPN connects two sites (FW-1 to FW-1) and when there is a fairly long period with no traffic, the VPN drops and needs to be renegotiated. It appears, however, that only one VPN end device drops the VPN with the other thinking that it is still up. This results in failure to connect to remote devices at the first attempt. All subsequent attempts to connect to remote devices succeed. Is there anything that I can do to ensure that both ends of the VPN tunnel drop the connection when it times out?
FW-1 has been known to have these problems in site to site configurations so you are not alone. A good site for FW-1 info that covers issues such as the one you are having is Phoneboy (don't ask me why they chose that name) http://www.phoneboy.com/. I have heard that the simplest way to fix the problem is to create an artificial heartbeat between two devices on either side of the connection. If you have two windows machines it's real easy, just put them in the same workgroup; netbios will handle the rest (it's very chatty). If you don't want to do that, you can configure FW-1 properly to fix the problem. You'll have to check the site for the exact steps.
Dig Deeper on Network Security Best Practices and Products
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.