
IKE Keepalive and DPD

yongl
Level 1

Hello,

r1#show crypto isakmp sa detail
Codes: C - IKE configuration mode, D - Dead Peer Detection
       K - Keepalives, N - NAT-traversal
       X - IKE Extended Authentication
       psk - Preshared key, rsig - RSA signature
       renc - RSA encryption

Question:

1. What are the differences between Keepalives (Code K) and Dead Peer Detection (Code D) as shown above?

2. How to enable these features?

1 Reply

mhussein
Level 4

This feature was introduced as of IOS 12.3(7)T.

crypto isakmp keepalive seconds periodic

With the "periodic" keyword, DPD keepalives are sent every x seconds.

I believe keepalives (code K) are more like unidirectional "heartbeat" messages, while DPD is a negotiated protocol that provides for earlier detection of dead peers.

I hope someone from Cisco comments on this.

References:

1. IPSec Dead Peer Detection Periodic

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gtdpmo.htm

2. RFC 3706 Detecting Dead IKE Peers

ftp://ftp.rfc-editor.org/in-notes/rfc3706.txt

Regards,

Mustafa
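
The R-U-THERE / R-U-THERE-ACK exchange that RFC 3706 (reference 2 above) defines for DPD, as an added Python example that is not part of the original posts and not Cisco's code. It handles only the Notify payload (in real IKE this travels inside a protected Informational exchange); the function and class names, the retry count of 3, and reusing the same sequence number until it is acknowledged are assumptions made for illustration.

```python
import struct
# Notify types from RFC 3706; Notify payload layout from RFC 2408.
R_U_THERE, R_U_THERE_ACK, DOI_IPSEC, PROTO_ISAKMP = 36136, 36137, 1, 1

def build_dpd(msg_type, spi, seq):
    """Pack a DPD Notify payload; spi is CKY-I | CKY-R (16 bytes)."""
    body = struct.pack("!IBBH", DOI_IPSEC, PROTO_ISAKMP, len(spi), msg_type) + spi + struct.pack("!I", seq)
    return struct.pack("!BBH", 0, 0, 4 + len(body)) + body

def parse_dpd(payload):
    """Return (msg_type, spi, seq); raise ValueError if not a well-formed DPD notify."""
    if len(payload) < 12:
        raise ValueError("truncated Notify header")
    _, _, length, doi, proto, spi_size, msg_type = struct.unpack("!BBHIBBH", payload[:12])
    if spi_size != 16 or length != len(payload) or length != 12 + spi_size + 4:
        raise ValueError("bad payload length")
    if (doi, proto) != (DOI_IPSEC, PROTO_ISAKMP) or msg_type not in (R_U_THERE, R_U_THERE_ACK):
        raise ValueError("not a DPD notify")
    return msg_type, payload[12:12 + spi_size], struct.unpack("!I", payload[-4:])[0]

def answer(payload):
    """Responder: echo the SPI and sequence number in an R-U-THERE-ACK."""
    msg_type, spi, seq = parse_dpd(payload)
    if msg_type != R_U_THERE:
        raise ValueError("expected R-U-THERE")
    return build_dpd(R_U_THERE_ACK, spi, seq)

class DpdProber:
    """Sender: one outstanding R-U-THERE; peer is dead after max_retries timeouts."""
    def __init__(self, spi, first_seq, max_retries=3):  # retry count is an assumed value
        self.spi, self.seq = spi, first_seq
        self.misses, self.max_retries, self.dead = 0, max_retries, False

    def probe(self):
        return build_dpd(R_U_THERE, self.spi, self.seq)

    def on_timeout(self):
        self.misses += 1
        self.dead = self.misses >= self.max_retries

    def on_reply(self, payload):
        """Accept only an ACK whose cookies and sequence number match the probe."""
        try:
            msg_type, spi, seq = parse_dpd(payload)
        except ValueError:
            return False
        if msg_type != R_U_THERE_ACK or spi != self.spi or seq != self.seq:
            return False
        self.seq, self.misses = (self.seq + 1) & 0xFFFFFFFF, 0
        return True
```

Rejecting ACKs with a stale sequence number or the wrong cookies is what keeps a replayed or misdirected reply from holding a dead SA open.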