IPSec dead peer detection
Michael Medwid
Michael.Medwid at ARIBA.COM
Fri Aug 25 18:07:36 EDT 2000
I just ran into a very similar situation. I have two
Cisco CVPN3030s (Altiga) at a corporate hub and a spoke office.
The two make an IPsec LAN to LAN connection, 3DES, MD5
yadayada. But then the near side 3030 crashed. I waited
nearly an hour but the LAN-LAN connection never came back.
So I had to call the remote office and they had to reboot
the 3030. Then the tunnel came back. I have a ticket open
in Cisco Forum on this also.
-----Original Message-----
From: Yoni Lebowitsch [mailto:yoni at US.RADGUARD.COM]
Sent: Friday, August 25, 2000 11:23 AM
To: VPN at SECURITYFOCUS.COM
Subject: Re: IPSec dead peer detection
Radguard's IPSec VPN boxes detect each other's state automatically,
irrespective of the SAs' lifetime. They do so by using keepalives.
Best
Yoni
-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM] On Behalf Of Raymakers, Guy
Sent: Tuesday, August 22, 2000 2:55 AM
To: VPN at SECURITYFOCUS.COM
Subject: IPSec dead peer detection
Hi,
Does someone know about solutions, IPSec implementations that will detect
whether the remote peer is down or unreachable? I know that e.g. Cisco is
supporting this, but that's only when the IPsec session is set up or
renewed. I'm more looking for a solution that will detect a 'dead' peer at
any time without having to set a very low SA lifetime.
Thanks for your answers,
Best regards,
Guy
VPN is sponsored by SecurityFocus.COM