isakmp keepalive

J2NoomSai_2 · ‎10-03-2008

Hi

What does crypto isakmmp keepalive xx command do? And how it help to prevent timeout issue?

Thanks

Sai

ajagadee · ‎10-03-2008

Sai,

The below URL should help.

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c2gt.html#wp1199835

Regards,

Arul

** Please rate all helpful posts **

Istvan_Rabai · ‎10-03-2008

Hi Sai,

This command provides the so called Dead Peer Detection (DPD) feature.

When you configure this command, by default keepalive messages are sent with the period xx between the IPSec peers when there is no user traffic. (If there is user traffic, there is no need to check the operational status of the peer).

When the keepalive message is sent, the peer responds to the keepalive message, indicating that it is still alive.

If a dead peer is detected by not receiving responses to the keepalive messages, the IPSec connection can perform stateless failover to an alternative peer.

Alternative peers can be configured in the crypto map command:

set peer x.x.x.x default

set peer y.y.y.y

The peer marked by the default keyword is first used for the VPN connection.

If DPD discovers that it is down, it will initiate a connection with the second peer.

There's of course much more to this feature.

I suggest you to take a look at the link in the previous post.

Cheers:

Istvan

J2NoomSai_2 · ‎10-03-2008

Thanks for explanation.