IPSec dead peer detection

Michael Medwid Michael.Medwid at ARIBA.COM
Fri Aug 25 18:07:36 EDT 2000


I just ran into a very similar situation.  I have two
Cisco CVPN3030s (Altiga) at a corporate hub and a spoke office.
The two make an IPsec LAN to LAN connection, 3DES, MD5
yadayada.  But then the near side 3030 crashed.  I waited
nearly an hour but the LAN-LAN connection never came back.
So I had to call the remote office and they had to reboot
the 3030.  Then the tunnel came back.  I have a ticket open
in Cisco Forum on this also.



-----Original Message-----
From: Yoni Lebowitsch [mailto:yoni at US.RADGUARD.COM]
Sent: Friday, August 25, 2000 11:23 AM
To: VPN at SECURITYFOCUS.COM
Subject: Re: IPSec dead peer detection


Radguard's IPSec VPN boxes detect each other's state automatically,
irrespective of the SAs' lifetime. They do so by using keepalives.

Best
Yoni

-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of
Raymakers, Guy
Sent: Tuesday, August 22, 2000 2:55 AM
To: VPN at SECURITYFOCUS.COM
Subject: IPSec dead peer detection


Hi,

Does someone know about solutions, IPSec implementations that will detect
whether the remote peer is down or unreachable? I know that e.g. Cisco is
supporting this, but that's only when the IPsec session is set up or
renewed. I'm more looking for a solution that will detect a 'dead' peer at
any time without having to set a very low SA lifetime.

Thanks for your answers,

Best regards,
Guy

VPN is sponsored by SecurityFocus.COM
