Cisco Cisco ASR 5000
Context Configuration Mode Commands I-M
ikev1 keepalive dpd ▀
Command Line Interface Reference, StarOS Release 18 ▄
2529
This functionality is for use with the Redundant IPSec Tunnel Fail-over feature and to prevent IPSec tunnel
state mismatches between the FA and HA when used in conjunction with Mobile IP applications.
Regardless of the application, DPD must be supported/configured on both security peers. If the system is
configured with DPD but it is communicating with a peer that does not have DPD configured, IPSec tunnels
still come up. However, the only indication that the remote peer does not support DPD exists in the output of
the
state mismatches between the FA and HA when used in conjunction with Mobile IP applications.
Regardless of the application, DPD must be supported/configured on both security peers. If the system is
configured with DPD but it is communicating with a peer that does not have DPD configured, IPSec tunnels
still come up. However, the only indication that the remote peer does not support DPD exists in the output of
the
show crypto isakmp security associations summary dpd
command.
Important:
If DPD is enabled while IPSec tunnels are up, it will not take affect until all of the tunnels are
cleared.
Example
The following command configures IPSec DPD Protocol parameters to have an interval of
15
, a timeout of
10
, to retry each attempt
5
times:
ikev1 keepalive dpd interval 15 timeout 10 num-retry 5