Dead Peer Detection (DPD) Configuration; Configuring Crypto Group - Cisco ASR 5000 Series 3G Home NodeB Administration Manual

Dead Peer Detection (DPD) Configuration

This section provides instructions for configuring Dead Peer Detection (DPD).

Defined by RFC 3706, Dead Peer Detection (DPD) is used to simplify the messaging required to verify communication between peers and tunnel availability.

DPD is configured at the context level and is used in support of the IPSec Tunnel Failover feature (refer to the Redundant IPSec Tunnel Fail-Over section) and/or to help prevent tunnel state mismatches between an FA and HA when IPSec is used for Mobile IP applications. When used with Mobile IP applications, DPD ensures the availability of tunnels between the FA and HA. (Note that the starIPSECDynTunUp and starIPSECDynTunDown SNMP traps are triggered to indicate tunnel state for the Mobile IP scenario.)

Regardless of the application, DPD must be supported/configured on both security peers. If the system is configured with DPD but it is communicating with a peer that does not have DPD configured, IPSec tunnels still come up. However, the only indication that the remote peer does not support DPD exists in the output of the show crypto isakmp security-associations summary command.

Important: If DPD is enabled while IPSec tunnels are up, it will not take effect until all of the tunnels are cleared.

Important: DPD must be configured in the same context on the system as other IPSec Parameters.

To configure the Crypto group to support IPSec:

Step 1 Enable dead peer detection on the system in support of the IPSec Tunnel Failover feature by following the steps in the Configuring Crypto Group section.

Step 2 Verify your Crypto Group configuration by following the steps in the Verifying the DPD Configuration section.

Step 3 Save your configuration to flash memory, an external memory device, and/or a network location using the Exec mode command save configuration. For additional information on how to verify and save configuration files, refer to the System Administration Guide and the Command Line Interface Reference.

Configuring Crypto Group

Use the following example to configure a crypto group on your system for redundant IPSec tunnel fail-over support:

configure
   context <ctxt_name>
      ikev1 keepalive dpd interval <dur> timeout <dur> num-retry <retries>
      end

Notes:
 <ctxt_name> is the destination context where the Crypto Group is to be configured.

Cisco ASR 5000 Series 3G Home NodeB Gateway Administration Guide, OL-25069-03 (IP Security)
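The following Python model is an added example, not part of the Cisco guide. It shows how the three parameters of the ikev1 keepalive dpd command bound the time needed to detect a dead peer and trigger fail-over. It assumes that interval is the idle time between RFC 3706 R-U-THERE probes, timeout is the wait for each R-U-THERE-ACK, and num-retry is the number of retransmissions before the peer is declared dead; DpdConfig, simulate, worst_case_detection and the sample values are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DpdConfig:
    interval: int   # assumed: idle seconds between R-U-THERE probes
    timeout: int    # assumed: seconds to wait for each R-U-THERE-ACK
    num_retry: int  # assumed: retransmissions before the peer is declared dead


def worst_case_detection(cfg: DpdConfig) -> int:
    """Upper bound (seconds) between peer failure and the dead-peer decision."""
    # The peer may fail right after answering a probe, so a full idle interval
    # passes before the first unanswered probe and its retries begin.
    return cfg.interval + cfg.timeout * (cfg.num_retry + 1)


def simulate(cfg: DpdConfig, peer_dies_at: int, horizon: int = 3600):
    """Return (declared_dead_at, events); declared_dead_at is None if the
    peer is still answering when the simulated horizon is reached."""
    now, seq, events = 0, 1, []
    while now + cfg.interval <= horizon:
        now += cfg.interval
        # One initial probe plus num_retry retransmissions. Reusing the same
        # sequence number on a retransmission is a modelling choice here.
        for _ in range(cfg.num_retry + 1):
            events.append((now, "R-U-THERE", seq))
            if now < peer_dies_at:
                # RFC 3706: the ACK echoes the probe's sequence number.
                events.append((now, "R-U-THERE-ACK", seq))
                break
            now += cfg.timeout  # no ACK arrived within the timeout
        else:
            events.append((now, "PEER-DEAD", seq))
            return now, events
        seq += 1
    return None, events


if __name__ == "__main__":
    # Constructed sample values, not recommended settings and not checked
    # against the ranges the platform accepts.
    cfg = DpdConfig(interval=10, timeout=3, num_retry=2)
    dead_at, events = simulate(cfg, peer_dies_at=25)
    for event in events:
        print(event)
    print("declared dead at", dead_at, "s; latency", dead_at - 25,
          "s; bound", worst_case_detection(cfg), "s")
```

A shorter interval or fewer retries reduces fail-over time at the cost of more keepalive traffic and a higher chance of tearing down a tunnel during brief packet loss.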
