Cisco Cisco Packet Data Interworking Function (PDIF) Guía Para Resolver Problemas
Context Configuration Mode Commands
ikev1 keepalive dpd ▀
Cisco ASR 5000 Series Command Line Interface Reference ▄
OL-22947-02
ikev1 keepalive dpd
This command configures the ISAKMP IPSec Dead Peer Detection (DPD) message parameters for IKE v1 protocol.
Product
PDSN, HA, GGSN
Privilege
Security Administrator, Administrator
Syntax
Deletes previously configured IPSec DPD Protocol settings.
The time interval at which IPSec DPD Protocol messages are sent.
is measured in seconds and can be configured to any integer value between 10 and 3600.
The amount of time allowed for receiving a response from the peer security gateway prior to re-sending the
message.
message.
is measured in seconds and can be configured to any integer value between 10 and 3600.
The maximum number of times that the system should attempt to reach the peer security gateway prior to
considering it unreachable.
considering it unreachable.
can be configured to any integer value between 1 and 100.
Usage
Use this command to configure the ISAKMP dead peer detection parameters in IKE v1 protocol.
Tunnels belonging to crypto groups are perpetually kept ―up‖ through the use of the IPSec Dead Peer
Detection (DPD) packets exchanged with the peer security gateway.
Tunnels belonging to crypto groups are perpetually kept ―up‖ through the use of the IPSec Dead Peer
Detection (DPD) packets exchanged with the peer security gateway.
Important:
The peer security gateway must support RFC 3706 in order for this functionality to function
properly.
This functionality is for use with the Redundant IPSec Tunnel Fail-over feature and to prevent IPSec tunnel
state mismatches between the FA and HA when used in conjunction with Mobile IP applications.
Regardless of the application, DPD must be supported/configured on both security peers. If the system is
configured with DPD but it is communicating with a peer that does not have DPD configured, IPSec tunnels
still come up. However, the only indication that the remote peer does not support DPD exists in the output of
the
state mismatches between the FA and HA when used in conjunction with Mobile IP applications.
Regardless of the application, DPD must be supported/configured on both security peers. If the system is
configured with DPD but it is communicating with a peer that does not have DPD configured, IPSec tunnels
still come up. However, the only indication that the remote peer does not support DPD exists in the output of
the
command.