VPN Keep-Alives

This topic describes VPN keep-alives.
VPN keep-alive packets determine whether a given path is reachable for an ION device. They are sent at a fixed interval on a VPN link. The VPN link is declared down if the peer is unreachable after a certain number of attempts and a certain period of time.
The location of the ION device in the network topology plays an important role in configuring VPN keep-alives. For example, you need to configure a higher keep-alive interval between two ION devices that are behind routers than between two ION devices that are not behind routers.
VPN keep-alives are configured at the following levels:
  • Circuit categories
  • Circuits
  • Secure fabric links
The order of precedence for VPN keep-alives is as follows:
  • VPN keep-alives configured at the secure fabric link level have the highest priority.
  • If VPN keep-alives are not configured at the secure fabric link level, then VPN keep-alives configured at the circuits level take effect.
  • If VPN keep-alives are not configured at either the secure fabric link level or the circuits level, then VPN keep-alives configured at the circuit categories level take effect.
If there is a mismatch in configuration between two VPN endpoints, then:
  • The keep-alive configuration with the larger keep-alive interval takes effect.
  • If keep-alive intervals are the same, then the configuration with the higher keep-alive failure count takes effect.
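The two rules above can be combined to work out which keep-alive values a link actually runs with. The following is an added example, not vendor code: the `KeepAlive` type, the dictionary keys, and the sample values are constructed for illustration, and it assumes each level supplies the interval and failure count together as one unit.

```python
from typing import NamedTuple, Optional

class KeepAlive(NamedTuple):
    interval: int        # time between keep-alive packets (units as configured)
    failure_count: int   # missed keep-alives before the link is declared down

# Highest priority first, following the order of precedence described above.
# The key names are hypothetical labels, not product configuration keys.
LEVELS = ("secure_fabric_link", "circuit", "circuit_category")

def local_config(endpoint: dict) -> Optional[KeepAlive]:
    """Return the config from the highest-priority level that defines one."""
    for level in LEVELS:
        cfg = endpoint.get(level)
        if cfg is not None:
            return cfg
    return None  # nothing configured at any level; defaults are not modelled

def effective_config(a: dict, b: dict) -> Optional[KeepAlive]:
    """Apply the mismatch rule to the two endpoints' resolved configs."""
    cfg_a, cfg_b = local_config(a), local_config(b)
    if cfg_a is None or cfg_b is None:
        return None  # cannot decide without knowing the unconfigured side
    # Tuple ordering: larger interval wins; on a tie, higher failure count wins.
    return max(cfg_a, cfg_b, key=lambda c: (c.interval, c.failure_count))

if __name__ == "__main__":
    # Constructed sample: the hub overrides at circuit level, the branch at link level.
    hub = {"circuit_category": KeepAlive(1000, 3), "circuit": KeepAlive(2000, 3)}
    branch = {"circuit_category": KeepAlive(1000, 3),
              "secure_fabric_link": KeepAlive(2000, 5)}
    print("hub resolves to   ", local_config(hub))
    print("branch resolves to", local_config(branch))
    print("link runs with    ", effective_config(hub, branch))
```

Running a check like this across both ends of each link shows where an override on one side is silently superseded by a larger interval on the other.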
