[c-nsp] IPSec peers not responding - advice

Peter Hicks peter.hicks at poggs.co.uk
Tue Apr 18 10:52:34 EDT 2006


All,

I have 40+ remote VPN sites, and a handful of them have gotten in to the
habit of switching their routers off when not in use.  Naturally, this
makes monitoring them problematic, so they're subject to a much worse SLA
(i.e. reactive, not proactive).

Discussing wasted CPU cycles on the hub routers with a colleague of mine,
I suggested (and he validated) having the hub routers acting passively,
not attempting to establish a VPN connection, but instead responding.

Is this possible?  If so, are there any downsides to doing this?

Best wishes,


Peter.

-- 
Peter Hicks | e: my.name at poggs.co.uk | g: 0xE7C839F4 | w: www.poggs.com

  A: Because it destroys the flow of the conversation
  Q: Why is top-posting bad?



More information about the cisco-nsp mailing list