IP Security
IKEv2 Keep-Alive Messages (Dead Peer Detection)
IPSec for LTE/SAE supports IKEv2 keep-alive messages, also known as Dead Peer Detection (DPD), originating from
both ends of an IPSec tunnel. Per RFC 3706, DPD is used to simplify the messaging required to verify communication
between peers and tunnel availability. You configure DPD on each IPSec node. You can also disable DPD, and the node
will not initiate DPD exchanges with other nodes. However, the node always responds to DPD availability checks
initiated by another node regardless of its DPD configuration.
E-UTRAN/EPC Logical Network Interfaces Supporting IPSec Tunnels
The figure below shows the logical network interfaces over which secure IPSec tunnels can be created in an E-
UTRAN/EPC (Evolved UMTS Terrestrial Radio Access Network/Evolved Packet Core) network. The table that follows
the figure provides a description of each logical network interface.
Figure 17.
E-UTRAN
EPC
Signaling Interface
Bearer Interface
Table 17. E-UTRAN/EPC Logical Network Interfaces Supporting IPSec Tunnels
Interface
Description
OL-25069-03
E-UTRAN/EPC Logical Network Interfaces Supporting IPSec Tunnels
MME
S1-MME
S1-U
eNodeB
S-GW
P-GW
S5
Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide ▄
IPSec for LTE/SAE Networks ▀
189