06-26-2014 08:05 AM - edited 03-11-2019 09:23 PM
Hello everyone
We need your help with our Site-To-Site VPN.
We have a VPN site-to-site connection; the remote client has implemented DPD on their side and is requesting we do the same on our Cisco 5505 ASA firewall.
My question: is this recommended by Cisco? If not, please give a complete reason why that we can submit to upper management for review.
Can you help me with the commands/syntax for adding this to our Cisco 5505 ASA firewall running IOS version 8.45? Will this bring the tunnel down while we configure this DPD?
Thank you
06-26-2014 08:59 AM
DPD is a feature that you can enable or disable, if you choose, on the ASA. Since it is enabled by default on the ASA we can probably deduce that Cisco probably does recommend this feature.
You can see this link for an interesting discussion of DPD including DPD on ASA with some mention of the commands to use on ASA
https://supportforums.cisco.com/document/32546/dead-peer-detection
I would not expect that configuring DPD would bring down an active tunnel, assuming that the peer for the tunnel is, in fact, alive and active.
HTH
Rick
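For readers who want the CLI form of what is discussed above, here is an added example that is not part of the original thread or of the linked document. It assumes an IKEv1 LAN-to-LAN tunnel group named after the peer address; `203.0.113.10` is a placeholder peer, and the threshold and retry values are illustrative.

```cisco
! Added example. 203.0.113.10 is a placeholder for the remote peer address.
! DPD (ISAKMP keepalives) is configured per tunnel group, in ipsec-attributes.
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 ipsec-attributes
 ! threshold = seconds the peer may be idle before DPD probing starts
 ! retry     = seconds between probes once a probe goes unanswered
 isakmp keepalive threshold 10 retry 2
!
! To turn DPD off for this peer instead (leaves a dead peer's SAs in place
! until they expire, so traffic can be black-holed in the meantime):
!  isakmp keepalive disable
!
! Check the effective setting, including values left at their defaults:
show running-config all tunnel-group 203.0.113.10
```

Both ends do not need identical timers, but a peer with keepalives disabled will not detect that the other side has gone away.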
06-26-2014 09:35 AM
Hello Richard, thanks for the quick response.
Can you explain how to configure this from the ASDM GUI for version 8.4.5?
Thank you Sir
06-26-2014 10:43 AM
Part of what may be generating some confusion is terminology. We have been talking about Dead Peer Detection and probably you have looked in the documentation for that. When I look for that I do not find much. But another name for DPD is ISAKMP keepalives. And this page is where you can enable/disable ISAKMP keepalives for a site to site tunnel.
HTH
Rick
06-26-2014 10:47 AM
Yes Sir, there was confusion while reading all the many documents on the internet; you made this so easy.
Thank you Sir, for all your help.
06-26-2014 11:06 AM
I am glad that my response was helpful. Thank you for using the rating system to mark this question as answered. That makes it easier for other readers in the forum to find helpful information.
HTH
Rick
08-25-2018 03:47 AM
Hi
Thanks so much for the distinction of DPD vs ISAKMP keepalives.
However, I want to activate DPD/ISAKMP from a Cisco Linux Firepower NGFW. Assist me to navigate to the correct screen.