New Member

How do IPsec Peers know remote peer is dead?

How do IPsec peers know the remote peer is dead? Now, in one case I need to configure IPsec between a Cisco router and another vendor's router, but the Cisco router can't know that the remote peer is dead, so the IPsec conversation can't switch over to another path when the primary path is down.

How can the Cisco IPsec protocol detect the death of another vendor's IPsec implementation?

Accepted Solutions
Silver

Re: How do IPsec Peers know remote peer is dead?

They don't. There is nothing in the IPsec specification to make this work. Cisco has a proprietary method that they have added as an optional setting to many of their devices, but since there is a non-Cisco device in the mix, you are out of luck.

Your only option is probably to lower the lifetimes of SAs, so that they are renegotiated more frequently. This will likely increase overhead, though.


ezy
New Member

Re: How do IPsec Peers know remote peer is dead?

Hi,

I don't know your detailed network, but you can try some kind of GRE tunnels with a routing protocol. Then you have the capability to switch from one path to another.

Regards

Erich
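
The two suggestions in this thread (shorter SA lifetimes, and GRE tunnels with a routing protocol) written out as a Cisco IOS configuration; this is an added example, not configuration posted by anyone in the thread. All addresses, names, ACL numbers, timer values and the key placeholder are constructed, and it assumes the other vendor's routers support GRE and OSPF and that the backup path ends on a second remote peer.

```cisco
! Constructed values: 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 3600
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.2
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.6
!
! Shorter IPsec SA lifetime: stale SAs age out sooner, at the cost of more rekeys.
crypto ipsec security-association lifetime seconds 900
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
! Encrypt only the GRE packets between the tunnel endpoints.
access-list 110 permit gre host 192.0.2.1 host 198.51.100.2
access-list 111 permit gre host 192.0.2.1 host 198.51.100.6
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.2
 set transform-set TS-GRE
 match address 110
crypto map VPN 20 ipsec-isakmp
 set peer 198.51.100.6
 set transform-set TS-GRE
 match address 111
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
! Tunnel0 is the primary path; OSPF hellos inside it act as the liveness check.
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
! Tunnel1 is the backup path; the higher OSPF cost keeps it idle until needed.
interface Tunnel1
 ip address 10.255.0.5 255.255.255.252
 ip ospf hello-interval 5
 ip ospf dead-interval 20
 ip ospf cost 100
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.6
!
router ospf 1
 network 10.255.0.0 0.0.0.7 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

When the primary peer stops answering, OSPF hellos over Tunnel0 stop arriving and, after the dead interval, routes move to Tunnel1 regardless of what the IPsec SA state still shows.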
