DPD (Dead Peer Detection) under ISAKMP Profile

Unanswered Question
Jan 27th, 2010
User Badges:

Hi All,

1) DPD can either be configured globally thus,

crypto isakmp keepalive 10 periodic

- this gives you a choice of On-demand (the default) or periodic (as in above example)

or under an ISAKMP Profile, eg.

crypto isakmp profile Fred-profile
   keyring FRED-KEYS
   match identity address <IP addr> fred-vrf
   keepalive 10 retry 2

- this CLI Help does not give choice of on-demand or periodic

Does this mean DPD under ISAKMP profile can only do on-demand (not periodic) ? The debug output tends to suggest this.

2) Does the keepalive time need to be the same on both peers (I think not but would appreciate input).

Regards, MH

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion