Do I need to enable “PING to keep IPsec tunnel alive”?
No, generally we don't need it. Enable “PING to keep IPsec tunnel alive” option is using ping to detect whether the IPsec tunnel is alive or not. When the ping target IP is not responding to ping, Vigor will regard this IPsec tunnel as dead and will disconnect and reconnect the VPN tunnel repeatedly. VPN devices nowadays, including all Vigor VPN routers, are using Dead Peer Detection to detect the liveness of IPsec tunnel, so we don't suggest using this option.
However, this option could be used in the following cases:
- See frequent VPN disconnections due to DPD timeout in Syslog
- Want to generate traffics over IPsec tunnel from Vigor Router
And when using this option, please ensure that:
- The Ping target IP should be an IP in remote VPN network
- The Ping target IP can respond to Ping
- Do Not use remote VPN router's LAN IP as the Ping target IP