Filter
Top Products
204 Chapter 13 VPN
N0115790
Keep Alive
When you initiate an IPSec tunnel with keep alive enabled, the BCM50a
Integrated Router automatically renegotiates the tunnel when the IPSec SA
lifetime period expires (see “Configuring advanced Branch office setup” on
page 233 section for more information about the IPSec SA lifetime). The keep
alive option is available with the Contivity Client rule. See the VPN Contivity
Client Rule Setup screen (Figure 68 on page 207). In effect, the IPSec tunnel
becomes an always on connection after you initiate it. Both IPSec routers must
have a BCM50a Integrated Router compatible keep alive feature enabled in order
for this feature to work.
If the BCM50a Integrated Router has its maximum number of simultaneous IPSec
tunnels connected to it and they all have keep alive enabled, then no other tunnels
can take a turn connecting to the BCM50a Integrated Router because the BCM50a
Integrated Router does not drop the tunnels that are already connected (unless
there is outbound traffic with no inbound traffic).
Nailed up
The nailed up feature is similar to the keep alive feature. When you initiate an
IPSec tunnel with nailed up enabled, the BCM50a Integrated Router
automatically renegotiates the tunnel when the IPSec SA lifetime period expires
(see “Configuring advanced Branch office setup” on page 233 for more
Edit Click the radio button next to a VPN index number and then click Edit to
edit a specific VPN policy.
Delete Click the radio button next to a VPN policy number you want to delete
and then click Delete. When a VPN policy is deleted, subsequent
policies do not move up in the page list.
Note: No matter whether or not keep alive is set, when there is
outbound traffic with no inbound traffic, the BCM50a Integrated Router
automatically drops the tunnel after two minutes.
Table 46 Summary
Label Description