From: Marvin Greenlee (marvin@ipexpert.com)
Date: Wed Feb 21 2007 - 03:46:51 ART
Isakmp keepalives / DPD comes to mind.
"...The following example shows that DPD messages have been configured to be
sent every 60 seconds and every 5 seconds between retries if the peer does
not respond:
crypto isakmp profile vpnprofile
keepalive 60 retry 5
..."
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec)
Senior Technical Instructor - IPexpert, Inc.
"When Will You Be an IP Expert?"
marvin@ipexpert.com
http://www.IPexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joshua
Sent: Wednesday, February 21, 2007 1:31 AM
To: ccielab@groupstudy.com
Subject: Site-to-Site IPSec VPN renegotiation
Hi,
We have a remote location connecting to Corp network via site-to-site IPSec
VPN. The remote site has a DSL link to Internet and is not reliable. When
the link bounced, VPN tunnel doesn't recover automatically. We have to
manually reset IPSect SA to bring the tunnel back. I wonder if there is a
dynamic way to renegotiate between remote site and the hub.
Thanks!
This archive was generated by hypermail 2.1.4 : Thu Mar 01 2007 - 07:38:47 ART