Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

dead-peer-detection (Security Group VPN Server)

Syntax

Hierarchy Level

Description

Enable the device to use dead peer detection (DPD). DPD is a method used by devices to verify the current existence and availability of IPsec peers. A device performs this verification by sending encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waiting for DPD acknowledgements (R-U-THERE-ACK messages) from the peer.

Options

always-send—Send probes periodically regardless of incoming and outgoing data traffic. Starting in Junos OS Release 24.2R1, MX304 supports dead-peer-detection in always-send mode by default or when explicitly configured.

interval seconds—Specify the interval time in seconds between DPD probe messages.

  • Range: 10 through 60 seconds

  • Default: 10 seconds

threshold number—Specify the maximum number of DPD retransmissions.

  • Range: 1 through 5

  • Default: 5

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Support for the Group VPN server added in Junos OS Release 15.1X49-D30 for vSRX Virtual Firewall.