What is IPsec DPD (Dead Peer Detection)?

Dead Peer Detection (DPD) is the method to detect the aliveness of a IPsec connection. During IPsec tunnel creation, VPN devices will negotiate and then decide to use DPD or not. When DPD is in use, VPN device will send IPsec DPD packet "R_U_THERE" to peer and wait for peer's ACK. If there is no feedback from the peer, it will disconnect the IPsec tunnel.

All Vigor VPN Routers support IPsec DPD feature. Vigor2960 and Vigor3900 series support changing the Delay and Timeout Settings via Advanced tab in IPsec profiles.

   

 

While other Vigor VPN Routers have DPD turned on by default and cannot turn it off nor change the parameters. For these Vigor VPN Routers, when DPD is negotiated to be used over a IPsec tunnel, Vigor will send DPD packets every 15 seconds when detecting no traffic over the IPsec tunnel. If peer doesn't respond to the DPD packet for two times, it will disconnect the IPsec tunnel. 

Was this article helpful?
57What is IPsec DPD (Dead Peer Detection)? has been viewed------ 57 ------times.