Configuring Dead Peer Detection - Siemens RX1500 User Manual

Chapter 5
Setup and Configuration
11. If certificates and keys are required, make sure they are configured on the device. For more information,
refer to Section 5.28.3, "Configuring Certificates and
12. Click Commit to save the changes or click Revert All to abort. A confirmation dialog box appears. Click OK
to proceed.
13. Click Exit Transaction or continue making changes.
Section 5.28.6.3

Configuring Dead Peer Detection

Dead Peer Detection (DPD), as defined in
Internet Key Exchange (IKE) peers. In this method, peers exchange DPD Request (ISAKMP R-U-THERE) and
DPD Response (ISAKMP R-U-THERE-ACK) messages. If a DPD Response is not received by a peer after a
specified time and/or number of attempts, the other peer is considered dead. The remaining peer can either
hold the connection until other peer responds, clear the connection, restart the connection and renegotiate the
Security Association (SA), or restart all SA's to the dead peer.
In ROX II, DPD Requests are sent when there is no traffic detected by the peer. How long to wait before sending
a DPD Request and how long to wait for a DPD Response is user configurable.
It is generally recommended that DPD be configured to clear connections with any dead peers.
To configure dead peer detection for an IPsec connection, do the following:
1. Change the mode to Edit Private or Edit Exclusive.
Navigate to tunnel » ipsec » connection » {name}, where {name} is the name of the connection. The
2.
Dead Peer Detect form appears.
Figure 728: Dead Peer Detect Form
1. Enabled Check Box
3. Configure the following parameter(s) as required:
624
RFC 3706
1
2
3
4
2. Interval Box 3. Timeout Box
Keys".
[http://tools.ietf.org/html/rfc3706] is used to detect dead
4. Action List
RUGGEDCOM ROX II
User Guide
Configuring Dead Peer Detection