214 Chapter 13 VPNNN47922-500Keep AliveWhen you initiate an IPSec tunnel with keep alive enabled, the Business SecureRouter automatically renegotiates the tunnel when the IPSec SA lifetime periodexpires (see “Configuring advanced Branch office setup” on page 241 section formore information about the IPSec SA lifetime). The keep alive option is availablewith the Contivity Client rule. See the VPN Contivity Client Rule Setup screen(Figure 70 on page 217). In effect, the IPSec tunnel becomes an always onconnection after you initiate it. Both VPN switches must have a Business SecureRouter compatible keep alive feature enabled in order for this feature to work.If the Business Secure Router has its maximum number of simultaneous IPSectunnels connected to it and they all have keep alive enabled, then no other tunnelscan take a turn connecting to the Business Secure Router because the BusinessSecure Router does not drop the tunnels that are already connected (unless there isoutbound traffic with no inbound traffic).Nailed UpThe nailed up feature is similar to the keep alive feature. When you initiate anIPSec tunnel with nailed up enabled, the Business Secure Router automaticallyrenegotiates the tunnel when the IPSec SA lifetime period expires (see“Configuring advanced Branch office setup” on page 241 for more informationabout the IPSec SA lifetime). The nailed up option is available with the branchEdit Click the radio button next to a VPN index number and then click Edit toedit a specific VPN policy.Delete Click the radio button next to a VPN policy number you want to deleteand then click Delete. When a VPN policy is deleted, subsequentpolicies do not move up in the page list.Note: No matter whether or not keep alive is set, when there isoutbound traffic with no inbound traffic, the Business Secure Routerautomatically drops the tunnel after two minutes.Table 49 SummaryLabel Description