Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ASA dead-peer-detection behaviour

ASA is by default sending DPD R_U_THERE packets and expecting R_U_THERE_ACK packets from peer.

My question is: in which moment ASA is sending DPD packets? Is this "always on" behavior or ASA is starting sending DPD packets once it stops receiving encrypted traffic over the tunnel from the peer? In this case, what is the idleness period or idleness criteria?

Thanks

1 REPLY

Re: ASA dead-peer-detection behaviour

DPD's are sent only when there is no traffic flowing through the tunnel, the values are defined under the tunnel group that affects this lan to lan/remote access

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/i3.html#wp1842584

356
Views
0
Helpful
1
Replies
CreatePlease to create content