Cisco Support Community

New Member

Site-To-Site VPN DPD detection

Hello everyone

We need your help with our Site-To-Site VPN.

We have a site-to-site VPN connection; the remote client has implemented DPD on their side and is requesting we do the same on our Cisco 5505 ASA firewall.

My question: is this recommended by Cisco? If not, please give a complete reason why, which we can submit to upper management for review.

Can you help me with the commands/syntax for adding this to our Cisco 5505 ASA firewall running IOS version 8.45? Will this bring the tunnel down while we configure this DPD?

 

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Part of what may be generating some confusion is terminology. We have been talking about Dead Peer Detection and probably you have looked in the documentation for that. When I look for that I do not find much. But another name for DPD is ISAKMP keepalives. And this page is where you can enable/disable ISAKMP keepalives for a site to site tunnel.

 

 

http://www.cisco.com/c/dam/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113290-add-new-vpn-peer-04.gif

HTH

 

Rick

5 REPLIES
Hall of Fame Super Silver

DPD is a feature that you can enable or disable, if you choose, on the ASA. Since it is enabled by default on the ASA we can probably deduce that Cisco probably does recommend this feature.

 

You can see this link for an interesting discussion of DPD, including DPD on ASA, with some mention of the commands to use on ASA:

https://supportforums.cisco.com/document/32546/dead-peer-detection

 

I would not expect that configuring DPD would bring down an active tunnel, assuming that the peer for the tunnel is, in fact, alive and active.

 

HTH

 

Rick
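An added example, not part of the reply above or of the linked Cisco document: how DPD (ISAKMP keepalives) is checked and set from the ASA CLI for one site-to-site peer. The peer address 203.0.113.10 is a placeholder, and the threshold and retry values are illustrative; agree the timers with the remote side.

```cisco
! Constructed example for an ASA site-to-site (IKEv1) tunnel.
! 203.0.113.10 is a placeholder for the remote peer / tunnel-group name.

! 1. See what is configured now. "all" also prints values left at their
!    defaults, so the isakmp keepalive line is visible even if never typed.
show running-config all tunnel-group 203.0.113.10

! 2. Enable keepalives (DPD) for this peer only.
!    threshold = seconds the peer may be idle before a keepalive is sent
!    retry     = seconds between retries once a keepalive goes unanswered
!    (values below are illustrative)
configure terminal
 tunnel-group 203.0.113.10 ipsec-attributes
  isakmp keepalive threshold 10 retry 2
  exit
 exit

! 3. To turn keepalives off for the peer instead, the form is:
!    tunnel-group 203.0.113.10 ipsec-attributes
!     isakmp keepalive disable

! 4. Confirm the setting and that the tunnel is still established.
show running-config all tunnel-group 203.0.113.10
show crypto isakmp sa detail

! 5. Save once verified.
write memory
```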

New Member

Hello Richard, thanks for the quick response.

Can you explain how to configure this from the ASDM GUI for version 8.4.5?

 

Thank you Sir

New Member

Yes Sir, confusion while reading all the many documents on the internet, you made this so easy

Thank you Sir - all your help

Hall of Fame Super Silver

I am glad that my response was helpful. Thank you for using the rating system to mark this question as answered. That makes it easier for other readers in the forum to find helpful information.

 

HTH

 

Rick
