IPSec dead peer detection

Dana J. Dawson dana at INTERPRISE.COM
Fri Aug 25 15:43:21 EDT 2000


"Raymakers, Guy" wrote:

> Hi,
>
> Does someone know about solutions, IPSec implementations that will detect
> weather the remote peer is down or unreachable. I know that e.g. Cisco is
> supporting this, but that's only when the IPsec sessions is setup or
> renewed. I'm more looking for a solution that will detect a 'dead' peer at
> any time whithou having to set a very low SA lifetime .
>
> Thanks for your answers,
>
> Best regards,
> Guy
>
> VPN is sponsored by SecurityFocus.COM

Cisco now supports IKE SA keepalives to address exactly this problem.  You can
read about it here:

<http://www.cisco.com/warp/public/cc/so/neso/vpn/vpne/vpne_an.htm>

HTH

Dana

--
Dana J. Dawson                              dana at interprise.com
Distinguished Principal Engineer            CCIE #1937
Qwest Communications International, Inc.    (612) 664-3364
600 Stinson Blvd., Suite 1S                 (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."

VPN is sponsored by SecurityFocus.COM




More information about the VPN mailing list