Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

isakmp keepalive

Hi

What does crypto isakmmp keepalive xx command do? And how it help to prevent timeout issue?

Thanks

Sai

3 REPLIES
Cisco Employee

Re: isakmp keepalive

Sai,

The below URL should help.

http://www.cisco.com/en/US/docs/ios/12_3t/secur/command/reference/sec_c2gt.html#wp1199835

Regards,

Arul

** Please rate all helpful posts **

Re: isakmp keepalive

Hi Sai,

This command provides the so called Dead Peer Detection (DPD) feature.

When you configure this command, by default keepalive messages are sent with the period xx between the IPSec peers when there is no user traffic. (If there is user traffic, there is no need to check the operational status of the peer).

When the keepalive message is sent, the peer responds to the keepalive message, indicating that it is still alive.

If a dead peer is detected by not receiving responses to the keepalive messages, the IPSec connection can perform stateless failover to an alternative peer.

Alternative peers can be configured in the crypto map command:

set peer x.x.x.x default

set peer y.y.y.y

The peer marked by the default keyword is first used for the VPN connection.

If DPD discovers that it is down, it will initiate a connection with the second peer.

There's of course much more to this feature.

I suggest you to take a look at the link in the previous post.

Cheers:

Istvan

New Member

Re: isakmp keepalive

Thanks for explanation.

287
Views
10
Helpful
3
Replies
CreatePlease login to create content