ESR series service routers.ESR-Series. User manual
9.4.7 DPD configuration example (Dead Peer Detection)
Objective:
Configure Dead Peed Detection on R1 for Policy-based Ipsec VPNbetween R1 and R2.
The initial configuration can be taken from thePolicy-based IPsec VPN configuration example.
Solution:
On R1 in IKE protocol gateway specify the following: DPD operation mode –restart, polling interval – 1 second,
timeout – 4 seconds:
esr# configure
esr(config)# security ike gateway ike_gw1
esr(config-ike-gw)# dead-peer-detection action restart
esr(config-ike-gw)# dead-peer-detection interval 1
esr(config-ike-gw)# dead-peer-detection timeout 4
esr(config-ike-gw)# exit
State of the tunnel can be seen with the command:
esr# show security ipsec vpn status ipsec1
Configuration of the tunnel can be seen with the command:
esr# show security ipsec vpn configuration ipsec1
After the connection between R1 and R2 on R1 is broken, the IPsec tunnel will start rebuilding 4 seconds after
the break.
To Next Page
Loading...