1) DPD can either be configured globally thus,
crypto isakmp keepalive 10 periodic
- this gives you a choice of On-demand (the default) or periodic (as in above example)
or under an ISAKMP Profile, eg.
crypto isakmp profile Fred-profile
match identity address <IP addr> 255.255.255.255 fred-vrf
keepalive 10 retry 2
- this CLI Help does not give choice of on-demand or periodic
Does this mean DPD under ISAKMP profile can only do on-demand (not periodic) ? The debug output tends to suggest this.
2) Does the keepalive time need to be the same on both peers (I think not but would appreciate input).