Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security vpn ipsec ike-group <name> dead-peer-detection

Defines the behavior if the VPN peer becomes unreachable.

set security vpn ipsec ike-group name dead-peer-detection [ action action | interval interval | timeout timeout ]
delete security vpn ipsec ike-group name dead-peer-detection
show security vpn ipsec ike-group name dead-peer-detection

Default values are used.

name
The name to be used to refer to this IKE configuration.
action
Specifies the action to be taken if the timeout interval expires. Supported values are as follows:

hold—Queue packets until the tunnel comes back up. This is the default value.

clear—Delete the connection information.

restart—Attempt to restart the tunnel.

interval
The interval, in seconds, at which IKE keep-alive messages will be sent to VPN peers. The numbers range from 15 through 86400. The default is 30.
timeout
The interval, in seconds, after which if the peer has not responded the defined action will be taken. The numbers range from 30 through 86400. The default is 120.

Configuration mode

security {
        vpn {
            ipsec {
                ike-group name {
                    dead-peer-detection {
                        action action
                        interval interval
                        timeout timeout
                }
            }
        }
    }
}

Use this command to specify how the system should detect dead IPsec VPN peers.

Use the set form of this command to configure dead peer detection.

Use the delete form of this command to remove dead peer detection configuration.

Use the show form of this command to view dead peer detection configuration.