Enabling And Adjusting Dead Peer Detection - Cisco 5505 - ASA Firewall Edition Bundle Administrator's Manual


Configuring, Enabling, and Using Other AnyConnect Features

Enabling and Adjusting Dead Peer Detection

Dead Peer Detection (DPD) ensures that the security appliance (gateway) or the client can quickly detect
a condition where the peer is not responding and the connection has failed.

Note: When using the AnyConnect client with DTLS on the security appliance, Dead Peer Detection must be
enabled in the group policy on the security appliance to allow the AnyConnect client to fall back to TLS,
if necessary. Fallback to TLS occurs if the AnyConnect client cannot send data over the UDP/DTLS
session, and the DPD mechanism is necessary for fallback to occur.
To enable DPD on the security appliance or client for a specific group or user, and to set the frequency
with which either the security appliance or client performs dead-peer detection, use the Dead Peer
Detection dialog box for either group-policy or username. The paths to this setting are:

Configuration > Remote Access VPN > Network (Client) Access > Group Policies > Add or Edit > Add or Edit Internal Group Policy > Advanced > SSL VPN Client > Dead Peer Detection

Configuration > Remote Access VPN > Network (Client) Access > AAA Setup > Local Users > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer Detection

Device Management > Users/AAA > User Accounts > Add or Edit > Add or Edit User Account > VPN Policy > SSL VPN Client > Dead Peer Detection

Figure 5-12 shows an example of configuring the Dead Peer Detection setting for an internal group
policy.

Cisco AnyConnect VPN Client Administrator Guide, OL-12950-012
Chapter 5: Configuring AnyConnect Features Using ASDM
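The Note above ties DTLS-to-TLS fallback to DPD being enabled, so a saved configuration can be checked for group policies or users that turn DTLS on while turning DPD off. The following is an added example, not part of the Cisco guide: the CLI keywords it matches (`svc dtls enable`, `svc dpd-interval`, and the later `anyconnect` forms) are assumed from the ASA command line rather than taken from this page, the sample configuration is constructed, and inherited settings are not resolved.

```python
import re

# Constructed sample running-config (not from the guide). The guide documents
# only the ASDM dialog; the CLI keywords below are an assumption.
SAMPLE_CONFIG = """\
group-policy SALES internal
group-policy SALES attributes
 vpn-tunnel-protocol svc
 webvpn
  svc dtls enable
  svc dpd-interval client none
  svc dpd-interval gateway 30
group-policy ENG attributes
 webvpn
  anyconnect ssl dtls enable
  anyconnect dpd-interval client 30
  anyconnect dpd-interval gateway 30
group-policy KIOSK attributes
 webvpn
  svc dpd-interval client none
username alice attributes
 webvpn
  svc dtls enable
  svc dpd-interval gateway none
"""

HEADER = re.compile(r"^(group-policy|username)\s+(\S+)\s+attributes\s*$")
DTLS_ON = re.compile(r"^(?:svc|anyconnect ssl)\s+dtls\s+enable$")
DPD = re.compile(r"^(?:svc|anyconnect)\s+dpd-interval\s+(gateway|client)\s+(\S+)$")

def audit_dpd(config_text):
    """Return sorted (kind, name, side) where DTLS is explicitly enabled
    and DPD is explicitly set to 'none' for that side in the same stanza."""
    scopes, current = {}, None
    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():          # top-level line: new stanza
            m = HEADER.match(raw)
            current = (m.group(1), m.group(2)) if m else None
            if current:
                scopes.setdefault(current, {"dtls": False, "off": set()})
            continue
        if current is None:
            continue
        line = raw.strip()
        if DTLS_ON.match(line):
            scopes[current]["dtls"] = True
        m = DPD.match(line)
        if m:                                     # last setting per side wins
            op = set.add if m.group(2) == "none" else set.discard
            op(scopes[current]["off"], m.group(1))
    return sorted((k, n, side) for (k, n), s in scopes.items()
                  if s["dtls"] for side in s["off"])
if __name__ == "__main__":
    for kind, name, side in audit_dpd(SAMPLE_CONFIG):
        print(f"{kind} {name}: DTLS enabled but {side} DPD is disabled")
```

A stanza that disables DPD without enabling DTLS (KIOSK in the sample) is not reported, because the fallback dependency described in the Note applies only to DTLS sessions.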
