IKE does not provide peer status detection. In IPSec communication, if one end becomes faulty, the other end may not detect the fault because of system failures and continues to send IPSec packets to the faulty end. The problem can be solved only when the SA lifetime ends. Before the SA lifetime ends, the SA between IKE peers exists, causing traffic loss. Unreachability of an IKE peer can result in black holes where traffic is discarded. IPSec communication can be restored rapidly only when black holes are identified and detected in a timely manner.
The device provides heartbeat detection and dead peer detection (DPD) to detect the IKE peer status. Configure heartbeat detection or DPD as needed.