What is the difference between keepalives and Dead Peer Detection in a VPN?

Jun 12th, 2010

Hi Everyone,


Can anyone help me understand the difference between keepalives and dead peer detection in a VPN?

Thanks,

Kiran

Marcin Latosiewicz (Cisco Employee) Sun, 06/13/2010 - 01:45

Kiran,


Reference RFCs

http://www.ietf.org/rfc/rfc3706


   The method, called Dead Peer Detection (DPD) uses IPSec traffic
   patterns to minimize the number of IKE messages that are needed to
   confirm liveness.  DPD, like other keepalive mechanisms, is needed to
   determine when to perform IKE peer failover, and to reclaim lost
   resources.

DPD is the method of keepalives implemented on Cisco routers/FWs/vpn3000 and possibly most other devices.
"crypto isakmp keepalive" is the CLI to set it.

Now my memory might serve me wrong but there used to be a keepalive mechanism in place before :-)
Nowadays isakmp keepalives and DPDs are used interchangeably.

Marcin
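
As an added illustration (not part of the original thread, and not Cisco's implementation), this simplified Python model contrasts fixed-interval keepalives with the traffic-driven probing that RFC 3706 describes. The function names, timer values, retry policy and traffic sets are assumptions constructed for the example.

```python
# Simplified, constructed model: fixed-interval IKE keepalives versus
# RFC 3706 Dead Peer Detection. Timers and retry policy are assumptions.

def periodic_keepalives(duration, interval):
    """Classic keepalive: one HELLO every `interval` seconds, traffic or not."""
    return list(range(interval, duration + 1, interval))

def dpd(duration, idle, retry, retries, inbound, outbound, peer_dead_from=None):
    """Return (probe_times, time_declared_dead or None).

    inbound/outbound: seconds at which IPsec packets arrive / must be sent.
    An R-U-THERE is sent only when there is traffic to send and nothing has
    been heard for `idle` seconds; `retries` unanswered probes spaced `retry`
    seconds apart mark the peer dead.
    """
    probes, last_heard, pending, next_retry = [], 0, 0, None
    for t in range(1, duration + 1):
        alive = peer_dead_from is None or t < peer_dead_from
        if alive and t in inbound:
            last_heard, pending = t, 0          # IPsec traffic proves liveness
        if pending:
            due = t == next_retry               # retransmit an unanswered probe
        else:
            due = t in outbound and t - last_heard >= idle
        if not due:
            continue
        probes.append(t)                        # R-U-THERE goes out
        if alive:
            last_heard, pending = t, 0          # R-U-THERE-ACK received
        else:
            pending += 1
            if pending >= retries:
                return probes, t                # tear down SAs / fail over
            next_retry = t + retry
    return probes, None

# Constructed traffic: busy for 60 s, silent for 40 s, then we resume sending.
BUSY = set(range(1, 61))
RESUME = set(range(101, 121))

def scenarios():
    keepalives = periodic_keepalives(120, 10)
    healthy = dpd(120, 10, 2, 3, BUSY | set(range(102, 121)), BUSY | RESUME)
    failed = dpd(120, 10, 2, 3, BUSY, BUSY | RESUME, peer_dead_from=70)
    return keepalives, healthy, failed

if __name__ == "__main__":
    for name, result in zip(("keepalives", "DPD healthy", "DPD dead peer"), scenarios()):
        print(name, result)
```

In the healthy case a single probe replaces twelve keepalives; in the failure case the dead peer is noticed only once there is traffic to send, which is when liveness actually matters for failover.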

