
Site-To-Site VPN DPD detection

Stephen Sisson
Level 1

Hello everyone

We need your help with our Site-To-Site VPN

We have a VPN site-to-site connection the remote client has implemented DPD on their side and requesting we do the same on our Cisco 5505 ASA firewall. 

My question: is this recommended by Cisco? If not, please give a complete reason why, so we can submit it to upper management for review.

Can you help me with the commands/syntax for adding this to our Cisco 5505 ASA firewall running IOS version 8.45? Will this bring the tunnel down while we configure DPD?


Thank you


6 Replies

Richard Burts
Hall of Fame

DPD is a feature that you can enable or disable, if you choose, on the ASA. Since it is enabled by default on the ASA we can probably deduce that Cisco probably does recommend this feature.


You can see this link for an interesting discussion of DPD including DPD on ASA with some mention of the commands to use on ASA

https://supportforums.cisco.com/document/32546/dead-peer-detection


I would not expect that configuring DPD would bring down an active tunnel, assuming that the peer for the tunnel is, in fact, alive and active.

HTH

Rick

Hello Richard, thanks for the quick response

Can you explain how to configure this from the ASDM GUI for version 8.4.5


Thank you Sir

Part of what may be generating some confusion is terminology. We have been talking about Dead Peer Detection and probably you have looked in the documentation for that. When I look for that I do not find much. But another name for DPD is ISAKMP keepalives. And this page is where you can enable/disable ISAKMP keepalives for a site to site tunnel.


http://www.cisco.com/c/dam/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113290-add-new-vpn-peer-04.gif

HTH

Rick
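For readers who want the CLI equivalent of the ASDM screen Rick points to, here is an added example (not part of the thread and not Cisco's documentation) for a LAN-to-LAN tunnel on ASA 8.4(5). The peer address 203.0.113.10 is a placeholder, and the threshold/retry values shown are the ASA defaults; adjust them to match what the remote side has implemented.

```text
! Added example, not from the thread: ISAKMP keepalives (DPD) for one
! site-to-site tunnel-group on an ASA 8.4(5). 203.0.113.10 is a placeholder peer.
!
! 1. Inspect the current setting. "show running-config all" prints default
!    values too, so you can see the keepalive line even when it was never typed.
show running-config all tunnel-group
!
! 2. Enable keepalives explicitly for the tunnel-group of this peer.
!    threshold = seconds of silence from the peer before a keepalive is sent
!    retry     = seconds between retries before the peer is declared dead
!    Applying this does not tear down an established tunnel; it only changes
!    how the ASA checks that the peer is still alive.
tunnel-group 203.0.113.10 ipsec-attributes
 isakmp keepalive threshold 10 retry 2
!
! 3. The opposite form, if keepalives must be turned off for a peer that
!    does not answer them:
! tunnel-group 203.0.113.10 ipsec-attributes
!  isakmp keepalive disable
!
! 4. Verify the IKE and IPsec SAs are still up after the change.
show crypto isakmp sa
show crypto ipsec sa peer 203.0.113.10
```

If the peer stops answering keepalives, the ASA tears the SA down after threshold plus the retries, so confirm the remote side's DPD timers are compatible before enabling.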

Yes Sir, confusion while reading all the many documents on the internet, you made this so easy

Thank you Sir - for all your help

I am glad that my response was helpful. Thank you for using the rating system to mark this question as answered. That makes it easier for other readers in the forum to find helpful information.

HTH

Rick

Hi


Thanks so much for the distinction between DPD and ISAKMP keepalives.

However, I want to activate DPD/ISAKMP keepalives from a Cisco Linux Firepower NGFW. Please help me navigate to the correct screen.
