dead-peer-detection
Syntax
dead-peer-detection {
    (always-send | optimized | probe-idle-tunnel);
    interval seconds;
    threshold number;
}
Hierarchy Level
[edit security ike gateway gateway-name]
Description
Enable the device to use dead peer detection (DPD). DPD is a method used by devices to verify the current existence and availability of IPsec peers. A device performs this verification by sending encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waiting for DPD acknowledgements (R-U-THERE-ACK messages) from the peer.
Options
interval | Specify the amount of time that the peer waits for traffic from its destination peer before sending a dead-peer-detection (DPD) request packet. |
always-send | Instructs the device to send dead peer detection (DPD) requests regardless of whether there is outgoing IPsec traffic to the peer. |
optimized | Send dead peer detection (DPD) messages if there is no incoming IKE or IPsec traffic within the configured interval after outgoing packets are sent to the peer. This is the default DPD mode. |
probe-idle-tunnel | Send dead peer detection (DPD) messages during idle traffic time between peers. |
threshold | Specify the maximum number of unsuccessful dead peer detection (DPD) requests to be sent before the peer is considered unavailable. |
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Support for the optimized and probe-idle-tunnel options added in Junos OS Release 12.1X46-D10.
Support for multiple peer addresses in DPD configuration with IPsec VPN running iked process is introduced in Junos OS Release 23.4R1.
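The following audit script is an added example, not part of the Junos documentation: it reads set-style configuration lines and reports, per IKE gateway, whether DPD is configured, which mode is in effect, and a rough detection window. The gateway names, addresses and sample lines are constructed, and the window (interval multiplied by threshold) is an approximation that assumes one request per interval.

```python
import re

# Set-style form of the statement documented above (hierarchy:
# [edit security ike gateway gateway-name]).
GW_RE = re.compile(r"^set security ike gateway (\S+)(?: (.*))?$")
MODES = {"always-send", "optimized", "probe-idle-tunnel"}

# Constructed sample configuration; names and addresses are illustrative.
SAMPLE = """\
set security ike gateway GW-HQ address 192.0.2.1
set security ike gateway GW-HQ dead-peer-detection probe-idle-tunnel
set security ike gateway GW-HQ dead-peer-detection interval 10
set security ike gateway GW-HQ dead-peer-detection threshold 3
set security ike gateway GW-BRANCH address 198.51.100.7
set security ike gateway GW-BRANCH dead-peer-detection interval 20
set security ike gateway GW-LAB address 203.0.113.9
"""

def audit_dpd(config_text):
    """Map each IKE gateway to its DPD settings as written in the config."""
    gateways = {}
    for raw in config_text.splitlines():
        m = GW_RE.match(raw.strip())
        if not m:
            continue
        gw = gateways.setdefault(m.group(1), {
            "enabled": False, "mode": None, "interval": None, "threshold": None})
        words = (m.group(2) or "").split()
        if not words or words[0] != "dead-peer-detection":
            continue
        gw["enabled"] = True
        opts = words[1:]
        if len(opts) == 1 and opts[0] in MODES:
            gw["mode"] = opts[0]
        elif len(opts) == 2 and opts[0] in ("interval", "threshold") and opts[1].isdigit():
            gw[opts[0]] = int(opts[1])
    for gw in gateways.values():
        if gw["enabled"] and gw["mode"] is None:
            gw["mode"] = "optimized"  # default DPD mode per the page
        # Assumption: one request per interval, so the peer is declared
        # unavailable after roughly interval * threshold seconds. Values
        # not set in the config stay None; the page states no defaults for them.
        known = gw["interval"] is not None and gw["threshold"] is not None
        gw["detect_after"] = gw["interval"] * gw["threshold"] if known else None
    return gateways

if __name__ == "__main__":
    for name, s in audit_dpd(SAMPLE).items():
        print(name, s if s["enabled"] else "DPD not configured")
```

Gateways reported with `enabled` set to False have no DPD statement at all, so a dead peer on those tunnels is not detected by this mechanism.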