[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heartbeats (was RE: keepalives)

To: ipsec@lists.tislabs.com
Subject: Re: Heartbeats (was RE: keepalives)
From: "Michael C. Richardson" <mcr@sandelman.ottawa.on.ca>
Date: Wed, 08 Dec 1999 16:32:46 -0500
In-Reply-To: Your message of "Wed, 08 Dec 1999 15:16:34 EST." <384EBCA2.3DDA6C0A@ire-ma.com>
Sender: owner-ipsec@lists.tislabs.com

>>>>> "Slava" == Slava Kavsan <bkavsan@ire-ma.com> writes:
    Slava> "Michael C. Richardson" wrote:

    >> I agree.  I would advocate in the gateway->client case sending an ICMP
    >> ping to the client's internal address, from the gateway's internal
    >> address on the primary phase 2 SA. This ought to fit into the typical
    >> setup's SPD.

    Slava> What do you mean by "primary" Phase 2 SA? Does it mean that this
    Slava> IPSec SA should allow ICMP?

  I mean, if you have only one phase 2 SA, then you can use it. If you have
multiple phase 2 SAs, or you have accounting issues, then you shouldn't mind
creating an ICMP-only SA.
  My use of "primary" was confusing.

   :!mcr!:            |  Cow#1: Are you worried about getting Mad Cow Disease?
   Michael Richardson |  Cow#2: No. I'm a duck.
 Home: <A HREF="http://www.sandelman.ottawa.on.ca/People/Michael_Richardson/Bio.html">mcr@sandelman.ottawa.on.ca</A>. PGP key available.

Follow-Ups:

Re: Heartbeats (was RE: keepalives)

From: Slava Kavsan <bkavsan@ire-ma.com>

References:

Re: Heartbeats (was RE: keepalives)

From: Slava Kavsan <bkavsan@ire-ma.com>

Prev by Date: Re: Heartbeats (was RE: keepalives)
Next by Date: Re: Heartbeats (was RE: keepalives)
Prev by thread: Re: Heartbeats (was RE: keepalives)
Next by thread: Re: Heartbeats (was RE: keepalives)
Index(es):
- Main
- Thread