Hi Sai,

This command provides the so-called Dead Peer Detection (DPD) feature.

When you configure this command, by default keepalive messages are sent with the period xx between the IPSec peers when there is no user traffic. (If there is user traffic, there is no need to check the operational status of the peer.)

When the keepalive message is sent, the peer responds to the keepalive message, indicating that it is still alive.

If a dead peer is detected by not receiving responses to the keepalive messages, the IPSec connection can perform stateless failover to an alternative peer.

Alternative peers can be configured in the crypto map command:

set peer x.x.x.x default

set peer y.y.y.y

The peer marked by the default keyword is first used for the VPN connection.

If DPD discovers that it is down, it will initiate a connection with the second peer.

There's of course much more to this feature.

I suggest you take a look at the link in the previous post.
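
An added configuration sketch, not part of the original post, showing how the DPD keepalive and the peer list described above fit together on a Cisco IOS router. It assumes the command under discussion is `crypto isakmp keepalive`; the addresses, map name, transform-set name, ACL number and timer values are constructed placeholders.

```cisco
! Constructed example: all names, addresses and timers are placeholders.
!
! Enable DPD: 10 is the keepalive period in seconds (the "xx" in the post),
! 3 is the number of seconds between retries once a keepalive goes unanswered.
crypto isakmp keepalive 10 3
!
! Crypto map with two candidate peers. The entry marked "default" is tried
! first; the second entry is the alternative used after the first is
! declared dead.
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 192.0.2.1 default
 set peer 192.0.2.2
 set transform-set TS-EXAMPLE
 match address 101
```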




