ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308 Reference Manual
Virtual Private Networking Using IPsec Connections 5-57
v1.0, April 2010
5. Click Apply to save your settings.
Configuring Dead Peer Detection
The Dead Peer Detection (DPD) feature maintains the IKE SA by exchanging periodic messages
with the remote VPN peer. To configure DPD on a configured IKE policy:
1. Select VPN > IPSec VPN from the menu. The IPsec VPN submenu tabs display, with the IKE
Policies screen in view (see Figure 5-20 on page 5-22).
2. In the List of IKE Policies table, click the Edit table button to the right of the IKE policy that
you want to edit. The Edit IKE Policy screen displays. (Figure 5-32 on page 5-58 shows only
the IKE SA Parameters section of the screen.)
Table 5-20. Keepalive Settings

Item / Description (or Subfield and Description)

General

Enable Keepalive
    Select a radio button to specify if keepalive is enabled:
    • Yes. This feature is enabled. Periodically, the VPN firewall sends keepalive
      requests (ping packets) to the remote endpoint to keep the tunnel alive.
      You must enter the ping IP address, detection period, and the maximum
      number of keepalive requests that the VPN firewall sends (see below).
    • No. This feature is disabled. This is the default setting.

    Ping IP Address
        The IP address that the VPN firewall pings. The address must be of a host
        that can respond to ICMP ping requests.

    Detection Period
        The period in seconds between the keepalive requests. The default setting
        is 10 seconds.

    Reconnect after failure count
        The maximum number of keepalive requests before the VPN firewall tears
        down the connection and then attempts to reconnect to the remote
        endpoint. The default is 3 keepalive requests.
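
The following Python model of the keepalive counters in Table 5-20 is an added example, not code from the manual or from the VPN firewall. It assumes that the failure count means consecutive unanswered requests, that the counter restarts after each reconnect attempt, and that a request is judged at the moment it is sent; the names KeepaliveConfig, simulate, and worst_case_detection are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class KeepaliveConfig:
    detection_period: int = 10  # seconds between keepalive requests (Table 5-20 default)
    failure_count: int = 3      # "Reconnect after failure count" (Table 5-20 default)


def simulate(cfg, replies):
    """Replay a constructed sequence of ping outcomes.

    replies[i] is True if the keepalive request sent at i * detection_period
    seconds was answered. Returns the times (in seconds) at which the tunnel
    is torn down and a reconnect is attempted.
    Assumption: only consecutive misses count, and the counter restarts
    after a teardown.
    """
    teardowns = []
    missed = 0
    for i, answered in enumerate(replies):
        if answered:
            missed = 0  # any reply clears the miss counter
            continue
        missed += 1
        if missed >= cfg.failure_count:
            teardowns.append(i * cfg.detection_period)
            missed = 0
    return teardowns


def worst_case_detection(cfg):
    """Approximate longest time a dead path goes unnoticed: the path fails
    just after an answered request, then failure_count requests are missed."""
    return cfg.detection_period * cfg.failure_count


if __name__ == "__main__":
    defaults = KeepaliveConfig()
    # Constructed input: two misses, a reply, then a real outage.
    flaky = [True, False, False, True, False, False, False, True]
    print("teardown times:", simulate(defaults, flaky))
    # Constructed input: the ping target never answers ICMP (for example, a
    # host firewall drops echo requests), so a healthy tunnel is torn down
    # over and over.
    print("ICMP-silent target:", simulate(defaults, [False] * 9))
    print("worst-case detection (s):", worst_case_detection(defaults))
```

With the defaults, a ping target that never answers ICMP causes a teardown roughly every 30 seconds even though the tunnel itself is healthy, which is why the Ping IP Address must belong to a host that responds to ping.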