IP Security - Virtual Private Network
Left running head:
Chapter name (automatic)
842
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
Alcatel-Lucent
DEAD PEER DETECTION (DPD)
DPD enables IPsec to identify the loss of peer connectivity. It helps to recognize
black holes as soon as possible and recover lost resources.
By default, DPD is turned off. A global configuration is available so that all
connections follow the same DPD configuration. Each connection can override
the global DPD configuration by specifying its own DPD policy in its crypto map.
T
O CONFIGURE DPD GLOBALLY
EXAMPLE
ALU(config)# crypto ike dpd interval 10 timeout 35
ALU(config)# no crypto ike dpd
Command (in CM) Description
crypto ike dpd interval <5-
3600> [timeout <5-72000>]
This command configures the DPD
globally with the interval in seconds for
which the keep-alive messages will be
sent, and the time-out in seconds after
which the peer will be declared to be
dead.
The default value for DPD time-out is
three times that of the DPD interval
specified.
no crypto ike dpd This command disables DPD for IPsec
globally.