Fortinet FortiGate FortiGate-60M Administration Manual page 272

Version 2.80 mr7 antivirus firewalls

VPN
CLI configuration

ipsec phase1 command keywords and variables (Continued)

| Keywords and variables | Description | Default | Availability |
|---|---|---|---|
| dpd-retrycount <retry_integer> | The DPD retry count when dpd is set to enable. Set the number of times that the local VPN peer sends a DPD probe before it considers the link to be dead and tears down the security association (SA). The dpd-retrycount range is 0 to 10. To avoid false negatives due to congestion or other transient failures, set the retry count to a sufficiently high value for your network. | 3 | All models. dpd must be set to enable. |
| dpd-retryinterval <seconds_integer> | The DPD retry interval when dpd is set to enable. Set the time, in seconds, that the local VPN peer waits between sending DPD probes. The dpd-retryinterval range is 1 to 60. | 5 seconds | All models. dpd must be set to enable. |

Example

Use the following command to edit an IPSec VPN phase 1 configuration with the following characteristics:

- Phase 1 configuration name: Simple_GW
- Remote peer address type: Dynamic
- Encryption and authentication proposal: des-md5
- Authentication method: psk
- Pre-shared key: Qf2p3O93jIj2bz7E
- Mode: aggressive
- Dead Peer Detection: enable
- Long idle: 1000
- Short idle: 150
- Retry count: 5
- Retry interval: 30

    config vpn ipsec phase1
        edit Simple_GW
            set type dynamic
            set proposal des-md5
            set authmethod psk
            set psksecret Qf2p3O93jIj2bz7E
            set mode aggressive
            set dpd enable
            set dpd-idlecleanup 1000
            set dpd-idleworry 150
            set dpd-retrycount 5
            set dpd-retryinterval 30
    end

01-28007-0144-20041217
Fortinet Inc.
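The following Python script is an added example, not part of the Fortinet manual. It parses a phase 1 block like the one above, checks the DPD values against the ranges and defaults documented in the table, and flags the DES/MD5 proposal and the aggressive-mode pre-shared-key combination for review. The function names are hypothetical, and the probing-window formula is an assumption based on the keyword descriptions.

```python
# Ranges and defaults as documented in the keyword table on this page.
DPD_RANGES = {"dpd-retrycount": (0, 10), "dpd-retryinterval": (1, 60)}
DPD_DEFAULTS = {"dpd-retrycount": 3, "dpd-retryinterval": 5}

# The phase 1 example from this page, embedded so the script runs offline.
SAMPLE = """\
config vpn ipsec phase1
edit Simple_GW
set type dynamic
set proposal des-md5
set authmethod psk
set psksecret Qf2p3O93jIj2bz7E
set mode aggressive
set dpd enable
set dpd-idlecleanup 1000
set dpd-idleworry 150
set dpd-retrycount 5
set dpd-retryinterval 30
end
"""

def parse_phase1(text):
    """Return {gateway_name: {keyword: value}} from 'edit' and 'set' lines."""
    gateways, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "edit":
            current = gateways.setdefault(parts[1], {})
        elif len(parts) >= 3 and parts[0] == "set" and current is not None:
            current[parts[1].lower()] = " ".join(parts[2:])
    return gateways

def audit(settings):
    """Return (findings, probe_window_seconds) for one phase 1 entry."""
    findings, vals = [], {}
    for key, (lo, hi) in DPD_RANGES.items():
        vals[key] = int(settings.get(key, DPD_DEFAULTS[key]))
        if not lo <= vals[key] <= hi:
            findings.append(f"{key} {vals[key]} outside {lo}-{hi}")
    if settings.get("dpd") != "enable" and any(k in settings for k in DPD_RANGES):
        findings.append("dpd retry keywords set but dpd is not enabled")
    algos = settings.get("proposal", "").replace("-", " ").split()
    if "des" in algos or "md5" in algos:
        findings.append("proposal uses DES or MD5")
    if settings.get("mode") == "aggressive" and settings.get("authmethod") == "psk":
        findings.append("aggressive mode with pre-shared key")
    # Assumption: the peer is declared dead after retrycount probes spaced
    # retryinterval seconds apart, so the product approximates the probing window.
    return findings, vals["dpd-retrycount"] * vals["dpd-retryinterval"]
```

For the example on this page, `audit(parse_phase1(SAMPLE)["Simple_GW"])` reports both crypto findings and a probing window of 150 seconds.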
