Incorrect use of the “Ping to Keep IPsec Tunnel alive” settings will cause frequent VPN disconnections. This article explains when this option should be used and will help you to trouble shoot if you have used this option to try maintaining a VPN tunnel.
Do we need to use this Option?
No, generally we do not need to use it. Enabling “PING to keep IPsec tunnel alive” uses ping to detect whether the IPsec VPN tunnel is alive or not. When the ping target IP does not respond to ping request, the Vigor router will regard this IPsec tunnel as dead and will disconnect and reconnect the VPN tunnel repeatedly (about every 20 seconds). VPN devices nowadays, including all Vigor VPN routers, are using Dead Peer Detection to detect the liveness of IPsec tunnel, so we don’t suggest using this option.
When to use this Option
This option could be used in the following cases:
- See frequent VPN disconnections due to DPD timeout in Syslog
- Want to generate traffics over IPsec tunnel from Vigor Router
When using this option, ensure that:
- The Ping target IP should be an IP in remote VPN network
- The Ping target IP can respond to Ping
- Do Not use remote VPN router’s LAN IP as the Ping target IP