IPSec dead peer detection

Jose Muniz MuniX-1 at PACBELL.NET
Sat Aug 26 23:03:21 EDT 2000


Well, I know that Netscreen has a VPN monitor tool built into it,
so you can turn this feature on and it will monitor the actual
connectivity via ICMP.

An existing SA, however, is not a reliable variable to gather real-time
data of the state of a particular peer.
Does not work quite right, just like you said, you have to set the
lifetimes to a short period of time, and send keepalives.



Jose

"Raymakers, Guy" wrote:
>
> Hi,
>
> Does someone know about solutions, IPSec implementations that will detect
> whether the remote peer is down or unreachable. I know that e.g. Cisco is
> supporting this, but that's only when the IPsec session is set up or
> renewed. I'm more looking for a solution that will detect a 'dead' peer at
> any time without having to set a very low SA lifetime.
>
> Thanks for your answers,
>
> Best regards,
> Guy
>
> VPN is sponsored by SecurityFocus.COM
