IPSec dead peer detection

Jose Muniz MuniX-1 at PACBELL.NET
Sun Aug 27 15:36:33 EDT 2000


Hello Ray;

Well, now that I read the thread, the question is: are the two central
peers together? In the same cage? If this is the case then you can set this
HA mechanism that you have the 2 IPSec gateways [if these are IPSec
servers] then place them behind a pair of IPSec gateways and save CPU
cycles. Anyway, this mechanism works nicely because if one of the central
peers is down the other will take over automatically in a matter of 10
seconds, with session sync and the same IP.

If you want something more dynamic then try running OSPF over it.

"Raymakers, Guy" wrote:
>
> Hi Dante,
>
> I'm more looking for a solution where you have two central VPN Servers
> (peer1 and peer2). If a remote VPN peer is connected to peer1 and peer1
> dies, then the remote peer should automatically switch to the second peer or
> peer2. Do you know whether such things exist?
>
> Best regards,
> Guy
>
> -----Original Message-----
> From: Dante Mercurio [mailto:Dante at webcti.com]
> Sent: vrijdag 25 augustus 2000 00:00
> To: Raymakers, Guy
> Subject: RE: IPSec dead peer detection
>
> I haven't seen it implemented into a tunnel monitor, though WatchGuard's
> implementation with VPN Manager installed comes close to what you are
> asking. What it won't do, however, is send any kind of notification if the
> connection is down, though it will show it in the VPN manager screen.
>
> One solution you may look into is an AlertPage, pinger, or similar program
> that will contact a host on the far side of the tunnel at given intervals
> and send an alert if they can not reach it, thus indicating either that host
> or the tunnel is down.
>
> -Dante
>
> > -----Original Message-----
> > From: Raymakers, Guy [mailto:guy.raymakers at EDS.COM]
> > Sent: Tuesday, August 22, 2000 5:55 AM
> > To: VPN at SECURITYFOCUS.COM
> > Subject: IPSec dead peer detection
> >
> >
> > Hi,
> >
> > Does someone know about solutions, IPSec implementations that will
> > detect whether the remote peer is down or unreachable. I know that
> > e.g. Cisco is supporting this, but that's only when the IPsec session
> > is set up or renewed. I'm more looking for a solution that will detect
> > a 'dead' peer at any time without having to set a very low SA lifetime.
> >
> > Thanks for your answers,
> >
> > Best regards,
> > Guy
> >
> > VPN is sponsored by SecurityFocus.COM
> >
>

VPN is sponsored by SecurityFocus.COM
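
The polling approach suggested in the quoted replies (probe a host on the far side of the tunnel at intervals and alert when it stops answering), combined with the peer1/peer2 switch-over asked about, as an added example that is not part of the original thread. The addresses, the three-miss threshold and the `TunnelMonitor` name are assumptions; actually re-pointing the tunnel is left to the caller.

```python
import subprocess
import time
from dataclasses import dataclass, field
from typing import Callable

def icmp_probe(host: str, timeout_s: int = 2) -> bool:
    """One ICMP echo via the system ping (Linux iputils flags assumed)."""
    r = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), host],
                       stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return r.returncode == 0

@dataclass
class TunnelMonitor:
    peers: dict                       # gateway name -> probe host behind its tunnel
    probe: Callable[[str], bool] = icmp_probe
    max_misses: int = 3               # consecutive failures before a peer is "dead"
    active: str = ""
    misses: int = 0
    events: list = field(default_factory=list)

    def __post_init__(self):
        self.active = self.active or next(iter(self.peers))

    def tick(self) -> str:
        """Run one probe cycle and return the peer that should carry traffic."""
        if self.probe(self.peers[self.active]):
            self.misses = 0           # a single lost probe must not cause a flap
            return self.active
        self.misses += 1
        if self.misses < self.max_misses:
            return self.active
        if self.misses == self.max_misses:
            self.events.append(f"ALERT {self.active} unreachable after {self.misses} probes")
        # Keep looking for a live standby on every cycle until one answers.
        for name, host in self.peers.items():
            if name != self.active and self.probe(host):
                self.events.append(f"FAILOVER {self.active} -> {name}")
                self.active, self.misses = name, 0
                break
        return self.active

if __name__ == "__main__":
    # Constructed addresses (TEST-NET-1); replace with hosts behind each gateway.
    mon = TunnelMonitor({"peer1": "192.0.2.10", "peer2": "192.0.2.20"})
    while True:
        mon.tick()
        while mon.events:
            print(mon.events.pop(0))  # hook point for paging or re-pointing the tunnel
        time.sleep(10)
```

Detection time is roughly the probe interval multiplied by `max_misses`, independent of the SA lifetime.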



