What is the difference between keepalives and Dead Peer Detection in a VPN?

Hi Everyone,

Can anyone help me understand what the difference is between keepalives and dead peer detection in a VPN?

Thanks,

Kiran

1 REPLY
Cisco Employee

Re: What is difference between a keepalives and Dead peer Detect

Kiran,

Reference RFCs

http://www.ietf.org/rfc/rfc3706

   The method, called Dead Peer Detection (DPD) uses IPSec traffic
   patterns to minimize the number of IKE messages that are needed to
   confirm liveness.  DPD, like other keepalive mechanisms, is needed to
   determine when to perform IKE peer failover, and to reclaim lost
   resources.

DPD is the method of keepalives implemented on Cisco routers/FWs/vpn3000 and possibly most other devices.
It is configured via the "crypto isakmp keepalive" CLI command.

Now my memory might serve me wrong but there used to be a keepalive mechanism in place before :-)
Nowadays isakmp keepalives and DPDs are used interchangeably.

Marcin
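
Added example, not part of the original thread and not Cisco code: a simplified Python model of the difference the RFC 3706 excerpt describes, comparing a fixed-interval keepalive with traffic-driven DPD on a constructed 600-second timeline. The function names, timer values and traffic pattern are assumptions chosen for illustration.

```python
def periodic_keepalive(duration, interval, retries, peer_dies_at=None):
    """Probe every `interval` seconds regardless of traffic.
    Returns (probes_sent, time_peer_declared_dead or None)."""
    probes = missed = 0
    for t in range(interval, duration + 1, interval):
        probes += 1
        alive = peer_dies_at is None or t < peer_dies_at
        missed = 0 if alive else missed + 1
        if missed >= retries:
            return probes, t
    return probes, None


def dpd_on_demand(duration, idle, retry, retries, inbound, outbound,
                  peer_dies_at=None):
    """RFC 3706 style: inbound IPsec traffic is itself proof of liveness;
    send R-U-THERE only when we have traffic to send and have heard
    nothing from the peer for `idle` seconds."""
    inbound, outbound = set(inbound), set(outbound)
    probes, last_proof = 0, 0
    for t in range(duration + 1):
        alive = peer_dies_at is None or t < peer_dies_at
        if alive and t in inbound:
            last_proof = t               # traffic from peer resets the idle timer
        if t in outbound and t - last_proof >= idle:
            if alive:
                probes += 1              # R-U-THERE answered by R-U-THERE-ACK
                last_proof = t
            else:
                probes += retries        # every retransmission goes unanswered
                return probes, t + (retries - 1) * retry
    return probes, None


# Constructed timeline: busy both ways for 300 s, then idle,
# with a single outbound packet at t=500.
INBOUND = range(0, 300)
OUTBOUND = set(range(0, 300)) | {500}

if __name__ == "__main__":
    for dies in (None, 400):
        print("peer dies at", dies,
              "| periodic:", periodic_keepalive(600, 10, 3, dies),
              "| DPD:", dpd_on_demand(600, 10, 2, 3, INBOUND, OUTBOUND, dies))
```

In this model the periodic scheme sends 60 probes on a healthy tunnel while DPD sends one, and when the peer dies at t=400 the periodic scheme notices at t=420 whereas DPD only notices at t=504, once there is traffic to send.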