Using DPD on Dialup IPSec VPN Connections

ThatGuySteve · ‎05-29-2024

Looking for the effects of enabling DPD on IPSec tunnels using Dialup connections.

We have a remote site with 2 ISP connections and our main site which also has 2 ISP connections. From each site, we have 2x tunnels connected on each ISP for a total of 4x tunnels.

We ran into an issue where one of the ISPs went down, but traffic was not redirected over either of the remaining 2 tunnels.

I want to enable DPD on these tunnels which is pretty straight forward, but I cannot find any information regarding the effects enabling DPD may have on a dialup connection and being a remote site, I don't want to inadvertently bring the site down.

Any input or advice would be greatly appreciated!

ThatGuySteve.... Just my 10 cents...

Toshi_Esumi · ‎05-29-2024

Dialup/agressive/dynamic or static IPsec affects how IKE peering gets established.
DPD exchange (ISAKMP R-U-THERE/R-U-THERE-ACK messages) on the other hand starts happening between two peers AFTER the IKE peering has established. Therefore the method to establish IKE peering wouldn't affect to how DPD exchange would work, or vice versa.

Toshi

View solution in original post

Toshi_Esumi · ‎05-29-2024

Dialup/agressive/dynamic or static IPsec affects how IKE peering gets established.
DPD exchange (ISAKMP R-U-THERE/R-U-THERE-ACK messages) on the other hand starts happening between two peers AFTER the IKE peering has established. Therefore the method to establish IKE peering wouldn't affect to how DPD exchange would work, or vice versa.

Toshi

ThatGuySteve · ‎05-29-2024

Thank you!

That is what I was assuming, but assumptions can sometimes get the best of us.

ThatGuySteve.... Just my 10 cents...

Using DPD on Dialup IPSec VPN Connections

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website