10-03-2008 09:56 AM - edited 03-09-2019 09:36 PM
Hi
What does crypto isakmmp keepalive xx command do? And how it help to prevent timeout issue?
Thanks
Sai
10-03-2008 10:54 AM
Sai,
The below URL should help.
http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c2gt.html#wp1199835
Regards,
Arul
** Please rate all helpful posts **
10-03-2008 11:59 AM
Hi Sai,
This command provides the so called Dead Peer Detection (DPD) feature.
When you configure this command, by default keepalive messages are sent with the period xx between the IPSec peers when there is no user traffic. (If there is user traffic, there is no need to check the operational status of the peer).
When the keepalive message is sent, the peer responds to the keepalive message, indicating that it is still alive.
If a dead peer is detected by not receiving responses to the keepalive messages, the IPSec connection can perform stateless failover to an alternative peer.
Alternative peers can be configured in the crypto map command:
set peer x.x.x.x default
set peer y.y.y.y
The peer marked by the default keyword is first used for the VPN connection.
If DPD discovers that it is down, it will initiate a connection with the second peer.
There's of course much more to this feature.
I suggest you to take a look at the link in the previous post.
Cheers:
Istvan
10-03-2008 12:15 PM
Thanks for explanation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide