VPN Keep-Alives
Let us learn about VPN keep-alives.
VPN keep-alive packets determine whether
a given path is reachable for an ION device. VPN keep-alive packets
are sent at a fixed interval on a VPN link. The VPN link is declared
down if the peer is unreachable after a certain number of attempts
and a certain period of time.
The location of the ION device in a network topology plays an
important role in configuring VPN keep-alives. For example, you need
to configure a higher value of the keep-alive Interval between two
ION devices behind routers as compared to the keep-alive Interval
between two ION devices not behind routers.
VPN keep-alives are configured at the following levels:
The order of precedence for VPN keep-alives is as follows:
VPN keep-alives configured at the secure fabric link level
have the highest priority.
If VPN keep-alives are not configured at the secure fabric link
level, then VPN keep-alives configured at the circuits level take effect.
If VPN keep-alives are configured at neither the secure fabric
link level nor the circuits level, then VPN keep-alives configured at
the circuit categories level take effect.
If there is a mismatch in configuration between two VPN endpoints,
then:
The keep-alive configuration with the larger keep-alive
interval takes effect.
If keep-alive intervals are the same, then the configuration
with the higher keep-alive failure count takes effect.
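
The precedence and mismatch rules above, worked through as an added example (not code from the product or its documentation). The KeepAlive class, the function names, and all interval and failure-count values are assumptions constructed for illustration. It shows that the mismatch rule selects one endpoint's whole configuration, so an aggressive setting on one side can be overridden by the peer.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class KeepAlive:
    interval: int       # keep-alive interval (constructed values, units as configured)
    failure_count: int  # failed attempts before the VPN link is declared down


def local_setting(fabric_link: Optional[KeepAlive],
                  circuit: Optional[KeepAlive],
                  circuit_category: Optional[KeepAlive]) -> Optional[KeepAlive]:
    """Precedence on one endpoint: secure fabric link, then circuit,
    then circuit category. The first level that is configured wins."""
    for level in (fabric_link, circuit, circuit_category):
        if level is not None:
            return level
    return None  # nothing configured; the page does not describe this case


def negotiated(a: KeepAlive, b: KeepAlive) -> KeepAlive:
    """Mismatch rule between two VPN endpoints: the configuration with the
    larger interval takes effect; on equal intervals, the one with the
    higher failure count. The winner is taken as a whole configuration."""
    return max(a, b, key=lambda k: (k.interval, k.failure_count))


def effective(end_a: dict, end_b: dict) -> KeepAlive:
    """Resolve each endpoint locally, then apply the mismatch rule."""
    a, b = local_setting(**end_a), local_setting(**end_b)
    if a is None or b is None:
        raise ValueError("an endpoint has no keep-alive configured at any level")
    return negotiated(a, b)


# Constructed sample: the branch relies on its circuit setting, while the
# data center overrides the same circuit values at the secure fabric link.
BRANCH = dict(fabric_link=None,
              circuit=KeepAlive(1000, 3),
              circuit_category=KeepAlive(5000, 5))
DATACENTER = dict(fabric_link=KeepAlive(3000, 2),
                  circuit=KeepAlive(1000, 3),
                  circuit_category=None)

if __name__ == "__main__":
    # The branch asked for (1000, 3) but the link runs with (3000, 2).
    print(effective(BRANCH, DATACENTER))
```
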