Skip to main content
Tecnologie
Tecnologie
New Member
July 17, 2012
Question

VPN error DPD - ESP

  • July 17, 2012
  • 6 replies
  • 72909 views
Hello everybody, I have vpn on pcs for connect in headquarter. Sometime, I don' t not why, but tunnel come in error, and error si always the same. I post the image of event error. Depend of what this kind of error? Thanks very much!

    6 replies

    Tecnologie
    TecnologieAuthor
    New Member
    July 23, 2012
    no one?
    HASimac
    HASimac
    New Member
    July 24, 2012
    Hello, Your VPN is configured to use DPD (Dead Peer Dectection). DPD generates keepalive packets at regular interval and wait an answer from the remote peer. If no there' s no answer, the local device tear down the IPSec session. First, check BOTH devices about DPD settings (retry count and retry interval). Even if it' s not recommended you can also try to disable DPD (on both side). Regards, HA
    Tecnologie
    TecnologieAuthor
    New Member
    July 25, 2012
    Fantastic!! Thank you very much!!!
    emnoc
    emnoc
    New Member
    July 26, 2012
    Keep in mind , 9 out of 10 times, DPD is enabled and negoiated during the ipsec setup. I don' t think that' s the reason for the ESP error. DPD is mutual-neg before the ESP SA and with in IKE setup and with the vendor capabilities. Also if the DPD keepalive interval are not set correctly , they can reflect lost of neighborship.
    HASimac
    HASimac
    New Member
    July 26, 2012
    Hi, The IPSec Phase2 is going down BECAUSE the DPD fails. It' s written in the log... In fact, some platform, like Checkpoint, doesn' t support DPD. As said before, DPD keepalive timers must be configured correctly... Regards, HA
    rsmayer
    rsmayer
    New Member
    June 26, 2013
    Hi... I' m having issues with dial-up vpn connections dropping. You mentioned that " DPD timers must be configured correctly" . Can you please elaborate on that? How would I determine the " correct" settings? My thought would be that setting retry 10 and interval 15, one side or the other would have to miss 10 probes over a 2 1/2 minute time span for dpd to fail. Is that not correct?
    CodeTron
    CodeTron
    Explorer II
    April 6, 2017

    I'm receiving the same error on DPD, what could be the best setting to eliminate VPN connection dropping

     

    Thank you

     

    Tecnologie
    TecnologieAuthor
    New Member
    August 3, 2012
    Ok thanks everybody. My problem was undertand if there was a problem " with IpSec protocol" or with the line... So thank for explanations and I change the phone line
    Terms & ConditionsAccessibility statement