Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2846
Views
0
Helpful
1
Replies

What is difference between a keepalives and Dead peer Detection in a VPN?

Kiran Doijode
Level 1
Level 1

‎06-12-2010 11:51 AM

Hi Everyone,

Can anyone help me to know " what is difference between a keepalives and a dead peer detection in VPN ? "

Thanks,

Kiran

Labels:
0 Helpful
1 Reply 1

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎06-13-2010 01:45 AM

Kiran,

Reference RFCs

http://www.ietf.org/rfc/rfc3706

 The method, called Dead Peer Detection (DPD) uses IPSec traffic
   patterns to minimize the number of IKE messages that are needed to
   confirm liveness.  DPD, like other keepalive mechanisms, is needed to
   determine when to perform IKE peer failover, and to reclaim lost
   resources.

DPD is the mothod of keepalives implemented on Cisco routers/FWs/vpn3000 and possibly most other devices.
It is configured via "crypto isakmp keepalive" is the CLI to set it.

Now my memory might serve me wrong but there used to be a keepalive mechanism in place before :-)
Nowadays isakmp keepalives and DPDs are used interchangeably.

Marcin


0 Helpful
Customers Also Viewed These Support Documents