User's guide
Dead Peer Detection
Configuration – Network > Virtual Private Network (VPN) > IPsec > Dead Peer Detection
When Dead Peer Detection (DPD) is enabled on an IPsec tunnel, the router sends an IKE
DPD request at regular intervals. If no response to a DPD request is received, the IPsec
tunnel is considered suspect and requests are sent at a shorter interval until either
a response is received or the maximum number of outstanding requests allowed is reached.
If the configured maximum number of requests goes unanswered, the IPsec tunnels are
closed.
Note:
IKE DPD requests require that an IKE SA is present. If one is not present, the DPD request
will fail.
To help ensure that an IKE SA exists with a lifetime at least as great as the IPsec lifetime,
the router creates new IKE SAs whenever the IPsec SA lifetime exceeds the lifetime of an
existing IKE SA and attempts to negotiate a lifetime for the IKE SA that is 60 seconds longer
than the desired lifetime of the IPsec SA.
Mark the IPsec tunnel as suspect if there is no traffic for n seconds
The period of inactivity on a tunnel before it is deemed to be suspect, i.e. if there is
no activity on a healthy link for the time period defined, then the tunnel is deemed to
be suspect.
Send a DPD request on a healthy link every n seconds
The interval at which DPD requests are sent on an IPsec tunnel that is deemed to be
healthy. A healthy link is one with traffic.
Send a DPD request on a suspect link every n seconds
The interval at which DPD requests are sent on an IPsec tunnel that is deemed to be
suspect. A suspect link is one where there has been no traffic for a specified period of time.
Close the IPsec tunnels after no response for n DPD requests
The maximum number of DPD requests that will be sent without receiving a response before
the IPsec tunnels are closed.
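The four timers interact, so the delay between a peer failing and the tunnels being closed is not visible from any single setting. The Python model below is an added example, not part of this guide or the router firmware; it steps through the behaviour described above for a peer that stops answering and never returns. The names DpdTimers, simulate and worst_case_delay are hypothetical, the timer values are constructed, and the fields follow the CLI parameters inact, okint, failint and maxfail.

```python
from dataclasses import dataclass

@dataclass
class DpdTimers:
    inact: int    # no traffic for n seconds -> tunnel marked suspect
    okint: int    # DPD request interval on a healthy link (seconds)
    failint: int  # DPD request interval on a suspect link (seconds)
    maxfail: int  # unanswered DPD requests before the tunnels are closed

def simulate(cfg, peer_dies_at, traffic_stops_at, horizon=86400):
    """Step one second at a time; return (close_time, events).

    Model assumptions (not taken from the firmware): the peer answers every
    request sent before peer_dies_at and none afterwards, traffic never
    resumes once it stops, and a request counts as unanswered when it is sent.
    """
    suspect, unanswered, last_req, events = False, 0, 0, []
    for t in range(1, horizon + 1):
        if not suspect and t - traffic_stops_at >= cfg.inact:
            suspect = True
            events.append((t, "suspect: no traffic"))
        interval = cfg.failint if suspect else cfg.okint
        if t - last_req < interval:
            continue
        last_req = t
        if t < peer_dies_at:
            unanswered = 0
            events.append((t, "DPD answered"))
            continue
        unanswered += 1
        suspect = True  # a missed response also makes the tunnel suspect
        events.append((t, f"DPD unanswered {unanswered}/{cfg.maxfail}"))
        if unanswered >= cfg.maxfail:
            events.append((t, "IPsec tunnels closed"))
            return t, events
    return None, events

def worst_case_delay(cfg):
    """Upper bound on failure-to-close time for a link that was healthy."""
    return cfg.okint + (cfg.maxfail - 1) * cfg.failint

if __name__ == "__main__":
    cfg = DpdTimers(inact=120, okint=60, failint=10, maxfail=5)  # constructed values
    for label, dies, idle_from in (("busy tunnel", 95, 95), ("idle tunnel", 1000, 0)):
        closed, events = simulate(cfg, dies, idle_from)
        print(f"{label}: peer dies at {dies}s, closed at {closed}s "
              f"({closed - dies}s later, bound {worst_case_delay(cfg)}s)")
```

In this model a tunnel that is already suspect through inactivity is closed sooner after a peer failure than a busy one, because it is already being probed at the shorter interval.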
Related CLI Commands

| Entity | Instance | Parameter | Values | Equivalent Web Parameter |
|---|---|---|---|---|
| dpd | 0 | inact | Integer | Mark the IPsec tunnel as suspect if there is no traffic for n seconds |
| dpd | 0 | okint | Integer | Send a DPD request on a healthy link every n seconds |
| dpd | 0 | failint | Integer | Send a DPD request on a suspect link every n seconds |
| dpd | 0 | maxfail | Integer | Close the IPsec tunnels after no response for n DPD requests |