Looking for the effects of enabling DPD on IPSec tunnels using Dialup connections.
We have a remote site with 2 ISP connections and our main site which also has 2 ISP connections. From each site, we have 2x tunnels connected on each ISP for a total of 4x tunnels.
We ran into an issue where one of the ISPs went down, but traffic was not redirected over either of the remaining 2 tunnels.
I want to enable DPD on these tunnels which is pretty straight forward, but I cannot find any information regarding the effects enabling DPD may have on a dialup connection and being a remote site, I don't want to inadvertently bring the site down.
Any input or advice would be greatly appreciated!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Dialup/agressive/dynamic or static IPsec affects how IKE peering gets established.
DPD exchange (ISAKMP R-U-THERE/R-U-THERE-ACK messages) on the other hand starts happening between two peers AFTER the IKE peering has established. Therefore the method to establish IKE peering wouldn't affect to how DPD exchange would work, or vice versa.
Toshi
Dialup/agressive/dynamic or static IPsec affects how IKE peering gets established.
DPD exchange (ISAKMP R-U-THERE/R-U-THERE-ACK messages) on the other hand starts happening between two peers AFTER the IKE peering has established. Therefore the method to establish IKE peering wouldn't affect to how DPD exchange would work, or vice versa.
Toshi
Thank you!
That is what I was assuming, but assumptions can sometimes get the best of us.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.