Vpn Global Settings: Ipsec - Cisco ROUTER-SDM-CD User Manual

VPN Global Settings
XAuth Timeout
Enable Dead Peer Detection (DPD)

VPN Global Settings: IPSec

Cisco Router and Security Device Manager 2.5 User's Guide
16-4
The number of seconds the router is to wait for a response from a system requiring
XAuth authentication.
Dead Peer Detection (DPD) enables a router to detect a dead peer and, if detected,
delete the IPSec and IKE security associations with that peer.
The Enable Dead Peer Detection checkbox is disabled when the Cisco IOS image
that the router is using does not support DPD.
Keepalive
Specify the number of seconds that the router should maintain a connection when
it is not being used.
Retry
Specify the number of seconds that the router should wait between attempts to
establish an IKE connection with a peer. The default value is '2' seconds.
DPD Type
Select On Demand or Periodic.
If set to On Demand, DPD messages are sent on the basis of traffic patterns. For
example, if a router has to send outbound traffic and the liveliness of the peer is
questionable, the router sends a DPD message to query the status of the peer. If a
router has no traffic to send, it never sends a DPD message.
If set to Periodic, the router sends DPD messages at the interval specified by the
IKE Keepalive value.
Edit global IPSec settings in this window.
Chapter 16 VPN Global Settings
OL-4015-12