[j-nsp] vpn monitor vs dead peer detection

Burkhard Ott bott at revenuewire.com
Thu Aug 30 11:17:59 EDT 2012


On Thu, 30 Aug 2012 14:42:11 +0000
"OBrien, Will" <ObrienH at missouri.edu> wrote:

> We've had issues with vpn monitor tearing down tunnels too often with
> 10. code on SRXs. I'm currently trying out dead peer detection at the
> ike level. I haven't found a good document that describes what dead
> peer detection does - I know it sends R-U-THERE etc, but I don't know
> what it does when that fails.

It'll remove the SA and try to reinitiate the tunnel if it's
configured that way.
I've been using only DPD for years and it works quite reliably.

-- 
Burkhard Ott
System Administrator
Revenuewire Inc.
1205 - 4464 Markham Street
Victoria, BC V8Z 7X8
250-984-1132

