IPSec dead peer detection
MuniX-1 at PACBELL.NET
Sat Aug 26 23:03:21 EDT 2000
Well, I know that Netscreen Has a VPN monitor tool build in to it
so you can turn this feature on and it will monitor the actual
conectivity via ICMP.
An existing SA, however is not a reliable variable to gather real-time
data of the state of a particular peer.
Does not work quiet righ, just like you said, you have to set the
lifetimes to a short period of time, and sending keepalives.
"Raymakers, Guy" wrote:
> Does someone know about solutions, IPSec implementations that will detect
> weather the remote peer is down or unreachable. I know that e.g. Cisco is
> supporting this, but that's only when the IPsec sessions is setup or
> renewed. I'm more looking for a solution that will detect a 'dead' peer at
> any time whithou having to set a very low SA lifetime .
> Thanks for your answers,
> Best regards,
> VPN is sponsored by SecurityFocus.COM
VPN is sponsored by SecurityFocus.COM
More information about the VPN