dead-peer-detection

Syntax

Hierarchy Level

Description

Enable the device to use dead peer detection (DPD). DPD is a method used by devices to verify the current existence and availability of IPsec peers. A device performs this verification by sending encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waiting for DPD acknowledgements (R-U-THERE-ACK messages) from the peer.

Options

interval

Specify the amount of time that the peer waits for traffic from its destination peer before sending a dead-peer-detection (DPD) request packet.

  • Default: 10 seconds

  • Range: 2 through 60 seconds

always-send

Instructs the device to send dead peer detection (DPD) requests regardless of whether there is outgoing IPsec traffic to the peer.

optimized

Send dead peer detection (DPD) messages if there is no incoming IKE or IPsec traffic within the configured interval after outgoing packets are sent to the peer. This is the default DPD mode.

probe-idle-tunnel

Send dead peer detection (DPD) messages during idle traffic time between peers.

threshold

Specify the maximum number of unsuccessful dead peer detection (DPD) requests to be sent before the peer is considered unavailable.

  • Default: 5

  • Range: 1 through 5
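How the mode, interval, and threshold options interact can be seen in a small timing model. This Python sketch is an added example, not Juniper code: it is built only from the option descriptions above, and the names `Dpd` and `simulate`, the one-second ticks, and the traffic patterns are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Dpd:
    mode: str = "optimized"   # default; or "always-send", "probe-idle-tunnel"
    interval: int = 10        # seconds (default 10, range 2-60)
    threshold: int = 5        # unanswered requests (default 5, range 1-5)

    def __post_init__(self):
        if self.mode not in ("optimized", "always-send", "probe-idle-tunnel"):
            raise ValueError(f"unknown mode {self.mode!r}")
        if not (2 <= self.interval <= 60 and 1 <= self.threshold <= 5):
            raise ValueError("interval or threshold outside documented range")

def simulate(cfg, out_times, peer_dies_at, horizon=600):
    """Return (probe_times, unavailable_at); unavailable_at is None if undetected.
    Model assumptions (not Junos internals): 1-second ticks; a live peer answers
    data and R-U-THERE in the same tick; a probe is unsuccessful when the next
    interval expires without an ACK."""
    out_times = set(out_times)      # constructed traffic pattern
    last_in = last_out = last_probe = 0
    pending = None                  # first outgoing packet with no reply yet
    outstanding = False             # last R-U-THERE has no R-U-THERE-ACK yet
    probes, misses = [], 0
    for t in range(1, horizon + 1):
        alive = t < peer_dies_at
        if t in out_times:
            last_out = t
            if alive:
                last_in, pending = t, None
            elif pending is None:
                pending = t
        if t - last_probe < cfg.interval:
            continue                # next DPD decision not due yet
        if outstanding:
            misses += 1
            if misses >= cfg.threshold:
                return probes, t    # peer considered unavailable
        want = {
            "always-send": True,
            "optimized": pending is not None and t - pending >= cfg.interval,
            "probe-idle-tunnel": t - max(last_in, last_out) >= cfg.interval,
        }[cfg.mode]
        if want or outstanding:
            probes.append(t)
            last_probe, outstanding = t, not alive
            if alive:
                last_in, misses = t, 0   # the ACK is incoming IKE traffic
    return probes, None
```

In this model, `simulate(Dpd(), range(1, 600), 100)` sends no probes while the peer answers traffic and declares it unavailable at t=160, whereas `simulate(Dpd(), [], 100)` never probes because optimized mode only reacts to unanswered outgoing packets.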

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support for the optimized and probe-idle-tunnel options was added in Junos OS Release 12.1X46-D10.

Support for multiple peer addresses in DPD configuration with IPsec VPN running the iked process was introduced in Junos OS Release 23.4R1.