IKE/IPSec problem
Dana J. Dawson
djdawso at qwest.com
Wed Aug 8 19:22:52 EDT 2001
Jerry Roy wrote:
>
> Hi Guy,
>
> Great find. I believe this does work. I have noticed that the node gets
> purged on the remote side when the clear crypto is is run on the head
> end. A few minutes go by but it does eventually happen. Question, how do
> I set the IKE keepalives?
>
> Best Regards,
>
> Jerry Roy
Use the "crypto isakmp keepalive" command. Cisco says this can be
processor-intensive, and doesn't recommend it in large configurations, but they
have a new feature called "Dead Peer Detection" that's supposed to improve that
situation. I don't know what the command for this is or what IOS it showed up
in (if it's even out yet), but it's something to look into. In general, the
areas of redundancy and resiliency are frequently still high effort activities
with IPSec.
HTH
Dana
--
Dana J. Dawson djdawso at qwest.com
Senior Staff Engineer CCIE #1937
Qwest Global Services (612) 664-3364
Qwest Communications (612) 664-4779 (FAX)
600 Stinson Blvd., Suite 1S
Minneapolis MN 55413-2620
"Hard is where the money is."
VPN is sponsored by SecurityFocus.com
More information about the VPN
mailing list