Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
571
Views
0
Helpful
1
Replies

ASA dead-peer-detection behaviour

binelipetrov
Level 1
Level 1

‎03-03-2009 05:20 AM - edited ‎03-11-2019 07:59 AM

ASA is by default sending DPD R_U_THERE packets and expecting R_U_THERE_ACK packets from peer.

My question is: in which moment ASA is sending DPD packets? Is this "always on" behavior or ASA is starting sending DPD packets once it stops receiving encrypted traffic over the tunnel from the peer? In this case, what is the idleness period or idleness criteria?

Thanks

Labels:
0 Helpful
1 Reply 1

Ivan Martinon
Level 7
Level 7

‎03-03-2009 07:29 AM

DPD's are sent only when there is no traffic flowing through the tunnel, the values are defined under the tunnel group that affects this lan to lan/remote access

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842584

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card