Dead Peer Detection (DPD) for IPsec

Dead Peer Detection (DPD) is the method to detect the aliveness of an IPsec connection. During IPsec tunnel creation, VPN peers will negotiate to decide whether to use DPD or not. When DPD is in use, the router will send DPD packet R_U_THERE to the VPN peer and wait for peer's ACK. If there is no feedback from the peer, it will disconnect the IPsec tunnel.

All Vigor VPN Routers support IPsec DPD feature. For DrayOS models, DPD is enabled by default and cannot be turned off. When detecting no traffic over the IPsec tunnel, the router will send DPD packets every 15 seconds. If the peer doesn't respond for two times, the router will then disconnect the IPsec tunnel.

Model Vigor2960 and Vigor3900 support changing the Delay and Timeout Settings in the Advanced tab of IPsec profiles.

Published On:2015-10-07

Was this helpful?

Apply NAT inside IPsec VPN to match Remote Network's Firewall Policy
IPsec XAuth from iOS to Vigor Router
IPsec VPN between a DrayOS router and a Vigor3900/Vigor2960

Dead Peer Detection (DPD) for IPsec

Related Articles

Related Article

Products

Resources

About