vEdge Modify IKE Dead-Peer Detection

Information

IKE uses a dead-peer detection mechanism to determine whether the connection to an IKE peer is functional and reachable. To implement this mechanism, IKE sends a Hello packet to its peer, and the peer sends an acknowledgment in response. By default, IKE sends Hello packets every 10 seconds, and after three unacknowledged packets, IKE declares the neighbor to be dead and tears down the tunnel to the peer. Thereafter, IKE periodically sends a Hello packet to the peer, and re-establishes the tunnel when the peer comes back online.

See https://www.cisco.com/c/en/us/td/docs/routers/sdwan/configuration/security/vedge-20-x/security-book/config-sec-param.html for more information.

Solution

You can change the liveness detection interval to a value from 0 through 65535, and you can change the number of retries to a value from 0 through 255.

vEdge(config-interface-ipsecnumber)# dead-peer-detection seconds retries number

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-4

Plugin: Cisco_Viptela

Control ID: 631a0982d61b7500de2516a67b43a7ac85adb039c3512d00ee260435984dddb3