26 July, 2013

VTI interface keepalives

IPsec tunnel running over VTI Tunnel interfaces. Shutting a physical interface (that the VTI uses) does NOT bring down the Tunnel interface on the other side of the link. Shutting the VTI Tunnel interface brings down both Tunnel interfaces on either side.

Hint for solution: http://www.cisco.com/en/US/tech/tk827/tk369/technologies_tech_note09186a008040a17c.shtml#backinfo

OR:

track 1 ip sla 1 reachability
!
ip sla 1
 icmp-echo 10.11.0.138 source-interface Tunnel1
 frequency 5
ip sla schedule 1 life forever start-time now
!
ip route 9.9.9.9 255.255.255.255 Tunnel1 track 1
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)