User`s guide

ManualsBrandsDigi ManualsComputer equipmentTransPort WR41

201

202

203

204

205

206

207

208

209

210

201

Entity

Instance

Parameter

Values

Equivalent Web Parameter

egroup n fbakpeerip IP Address Backup Peer IP Address

egroup n fpeerid String Peer ID

egroup n fourid String Our ID

egroup n fpwd String Password

Configuration – Network > Virtual Private Networking (VPN) > IPsec >

Dead Peer Detection

When Dead Peer Detection (DPD) is enabled on an IPsec tunnel, the router will send an IKE

DPD request at regular intervals. If no response is received to the DPD request, the IPsec

tunnel is considered as suspect and the requests are sent at a shorter interval until either

the maximum number of outstanding requests allowed is reached or a response is received.

If no response is received to the configured maximum requests, the IPSec tunnels are

closed.

Note:

IKE DPD requests require that an IKE SA is present. If one is not present, the DPD request

will fail.

To help ensure that an IKE SA exists with a lifetime at least as great as the IPsec lifetime,

the router creates new IKE SAs whenever the IPsec SA lifetime exceeds the lifetime of an

existing IKE SA and attempts to negotiate a lifetime for the IKE SA that is 60 seconds longer

than the desired lifetime of the IPsec SA.

Mark the IPsec tunnel as suspect if there is no traffic for n seconds

The period of time of inactivity on a tunnel before it is deemed to be suspect, i.e. if there is

no activity on a healthy link for the time period defined, then the tunnel is them deemed to

be suspect.

Send a DPD request on a healthy link every n seconds

The interval at which DPD requests are sent on an IPsec tunnel that is deemed to be

healthy. A healthy link is one with traffic.

Send a DPD request on a suspect link every n seconds

The interval at which DPD requests are sent on an IPsec tunnel that is deemed to be

suspect. A suspect link is one where there has been no traffic for a specified period of time.

Close the IPsec tunnels after no response for n DPD requests

The maximum number of DPD requests that will be sent without receiving a response before

the IPsec tunnels are closed.