IPSEC heartbeat in CISCO

Stephen Hope SHOPE at DATARANGE.CO.UK
Thu May 11 03:25:39 EDT 2000


Hi

The recent IPsec code on the Cisco routers can support a heartbeat
to detect broken connections and allow reconnect to an alternate
central IPsec router.

Cisco claim this is an enhancement as there is no other mechanism in IPsec
to detect a broken connection apart from setting a low renegotiate key timer
- I don't know the standards well enough to comment on that.

Main use for this is for resilience at a central site.

Stephen

Stephen Hope C. Eng, Network Consultant, shope at datarange.co.uk,
Datarange Communications PLC, part of Energis, WWW:
http://www.datarange.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4190 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Ryan Russell [mailto:ryan at SECURITYFOCUS.COM]
> Sent: Wednesday, May 10, 2000 6:44 PM
> To: VPN at SECURITYFOCUS.COM
> Subject: Re: IPSEC heartbeat in CISCO
>
>
> Just use a link-state routing protocol over the VPN.  That's the sort of
> reason the routing protocols exist.
>
> 				Ryan
>
>
> > I'm running IPSec on CISCO routers to build VPN between some sites. Those
> > sites also have a low and expensive ;-) bandwidth private WAN. What I want is
> > to detect a failure of the VPN (either Internet access is down or the
> > peer is down) so that I can re-route traffic on my private WAN.
> > The heartbeat mechanism (as defined in IPSEC drafts) seems a perfect
> > candidate for this function but is it supported by CISCO (I can't find any
> > information in docs)?
>
