Internet Key Exchange for VPNs 6-15
•Dead Peer Detection toggles whether or not the Router will detect a remote peer being offline.
Enhanced Dead Peer Detection
Motorola Netopia® Embedded Software Version 8.7.4 adds new Dead Peer Detection mechanisms.
In previous software versions, when Dead Peer Detection was enabled, a counter would begin in the router when any traffic was sent through the tunnel. Determination of a dead peer could take up to eight minutes.
Motorola Netopia® Embedded Software Version 8.7.4 provides a new Dead Peer Detection mechanism. An IPsec IP net interface sends ICMP ping requests to a specific IP address on a Remote Member network. The ping is periodic, and the reply is expected within a certain amount of time. If the ICMP reply does not arrive within that time, the peer is considered dead, the current phase 2 SAs are torn down, and the IKE SA starts a new phase 1 negotiation, followed by the normal phase 2 negotiation, thereafter.
When you toggle Dead Peer Detection to Yes (on), new options appear.
Advanced IPsec Options
SA Lifetime seconds: | 28800 |
SA Lifetime Kbytes: |
|
Perfect Forward Secrecy: | Yes |
Dead Peer Detection: | Yes |
Ping host: | 192.168.2.1 |
Ping source address: | 192.168.1.1 |
Ping retry interval: | 5 |
Ping reply timeout: | 90 |
•Ping host allows you to specify the host IP address of the host to ping, and from which replies will be expected.
This field is only available if you have previously configured, and committed, remote network IP data in the Add Network Configuration screen under Advanced IP Profile Options. See “Add Network Configuration” on page
•Beginning with Software Version 8.7.4, Ping source address allows you to specify the source IP address of outbound router traffic. This permits multiple IPSec tunnels to transmit and receive DPD packets via the correct tunnel.
•Ping retry interval and Ping reply timeout options appear.