Timur1
Explorer
November 13, 2025
Question

dpd_failure

Hi everyone,

For about a week or so I have been seeing a lot of dpd_failure for my IPsec tunnels. It is impacting both s2s and dial-up IPsec. It's random, no set time for when it happens. I have tried changing DPD settings, but generally it's set as 3 tries and 20 interval.

I checked with the ISP; they of course are saying it's not on them. Another point to note is that this setup is not new; all the IPsec tunnels have been working well for the past 2 years. dpd_failure used to happen before, but not like what's happening now.

Any idea what's causing it? Thanks

1 reply

esalija
Staff
November 14, 2025

Hi @Timur1

Based on the information provided, here are some potential causes and troubleshooting steps for the DPD failures in your IPsec tunnels:

  1. Check for any network path issues that might be causing intermittent disconnections. This includes ISP traffic shaping, rate-limiting of IPsec protocol traffic, or packet loss on the network path.
    • Verify if there are any NAT device timeouts or firewalls along the path that might be dropping ESP packets.
  2. Ensure there are no conflicts between IPv4 and IPv6 traffic if both protocols are enabled. This can cause routing conflicts or peer identification issues.
  3. Review the DPD settings to ensure they are optimized for your network conditions. While the default is 3 retries with a 20-second interval, you might need to adjust these settings based on your network's latency and reliability.
  4. Consider enabling keepalive messages to maintain the tunnel's active state and prevent it from going idle, which can help avoid disconnections due to DPD.
  5. Use diagnostic tools to gather more information about the DPD failures. Commands like diagnose debug application ike -1 can provide insights into the IKE process and DPD exchanges.

Best regards,

Erlin
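
One way to act on steps 1 and 5 above, as an added example that is not part of the original reply or any vendor tooling: group dpd_failure events by time to see whether several tunnels drop together (which points at a shared path) or one peer drops alone. The key=value field names (date, time, vpntunnel, status) are assumptions about the exported log format, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_kv(line):
    """Split a key=value log line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}

def dpd_bursts(lines, window_s=60):
    """Group dpd_failure events into bursts: consecutive events no more
    than window_s apart. Returns [(start_time, sorted tunnel names)]."""
    events = []
    for line in lines:
        f = parse_kv(line)
        if f.get("status") != "dpd_failure":
            continue
        ts = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        events.append((ts, f.get("vpntunnel", "?")))
    events.sort()
    bursts, last = [], None
    for ts, tunnel in events:
        if last is None or ts - last > timedelta(seconds=window_s):
            bursts.append((ts, set()))
        bursts[-1][1].add(tunnel)
        last = ts
    return [(start, sorted(t)) for start, t in bursts]

def classify(bursts):
    """Several tunnels failing together points at something they share
    (local WAN link, ISP path); one tunnel alone points at that peer."""
    return [(s.strftime("%H:%M:%S"),
             "shared-path" if len(t) > 1 else "single-peer", t)
            for s, t in bursts]

# Constructed sample lines (not real logs); field names are assumptions.
SAMPLE = [
    'date=2025-11-12 time=09:14:02 vpntunnel="s2s-branch1" remip=198.51.100.10 status="dpd_failure"',
    'date=2025-11-12 time=09:14:05 vpntunnel="dialup-users_0" remip=203.0.113.7 status="dpd_failure"',
    'date=2025-11-12 time=09:14:20 vpntunnel="s2s-branch2" remip=198.51.100.20 status="dpd_failure"',
    'date=2025-11-12 time=09:30:00 vpntunnel="s2s-branch1" remip=198.51.100.10 status="success"',
    'date=2025-11-12 time=13:47:31 vpntunnel="s2s-branch2" remip=198.51.100.20 status="dpd_failure"',
]

if __name__ == "__main__":
    for row in classify(dpd_bursts(SAMPLE)):
        print(row)
```

Bursts that span both site-to-site and dial-up tunnels are worth matching against interface or upstream events at the same timestamps before changing DPD timers.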