Example 2210 Applying Dynamic Crypto Maps to the Interface

NewYork#configure terminal NewYork(config)#interface serial 0/0 NewYork(config-if)#crypto map windham-map

NewYork(config-if)#exit

Enable IKE DPD

As discussed previously in this chapter, IKE DPD monitors the status of the connection by sending keepalives when there is no traffic passing over the connection. This monitoring allows the system to ensure the connection is functioning and removes any resources that are not required when the connection drops. When configuring IKE DPD, you just need to tell the router how often to send the keepalive message and how long to wait between retries if it does not get a response. The range for the keepalive messages is between 10 and 3600 seconds, and the range for the retries is between 2 and 60 seconds. The command for enabling IKE DPD is as follows:

crypto isakmp keepalive seconds retries

Example 22-11 depicts this configuration on the router, enabling a keepalive packet every 60 seconds and specifying to retry every 20 seconds if it does not get a response.

0 0

Post a comment