07-16-2004 03:47 AM
What exactly does the isakmp keepalive do?
What packets are sent? What function does it run?
07-16-2004 05:51 AM
Jonathan,
The crypto isakmp keepalive command is used to send IKE keepalives, which detect the continued connectivity of an IKE security association (SA), between two peer points.
Hope this helps a little,
Jay
07-16-2004 07:04 AM
I assume they would be UDP packets (port 500)?
To what degree do they check the connection?
Is it a "HELLO" "HELLO I got your HELLO" type thing, or is it more complex?
07-16-2004 08:17 AM
Jonathan,
You'll find the answers to your questions here (RFC 3706) : http://www.faqs.org/rfcs/rfc3706.html
DPD (Dead Peer Detection) is used to asertain if the remote peer is alive or not, all explained in the RFC - enjoy the read.
Hope this helps.
Jay
07-16-2004 01:46 PM
I am having a problem with an a tunnel establishing and staying alive. The Cisco TAC rep suggested the problem might be similar to bug CSCdw64626 and that setting the crypto isakmp keepalive to a more aggressive value could solve the problem.
Any idea what an aggressive setting would be?
Thanks,
Rob
07-19-2004 12:02 AM
Jay - Thanks. Exactly what I was looking for.
Rob - Try 10 seconds.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide