DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

IPSec - Dead Peer Detection

More
08 Jan 2010 12:21 #59711 by monk
IPSec - Dead Peer Detection was created by monk
We have a Vigor 2820, Firmware Version: 3.3.3_232201.

We are creating a VPN on the second interface to a PIX 506 6.3.3 like we have done hundreds of times before (both connected to the same switch.) We have however run into a problem setting this up and it seems to be a problem with the dead peer detection.

The PIX we found was having the SA taken down by the vigor so we had a look at the vigor. The syslog message we get states that the DPD is timing out this expires the SA.

Vigor: DPD timeout and expire SA...ifno=16

We are using a completely standard PIX config and have tested it with other VPNS.

Any ideas on why the DPD is failing, I notice that there was a update in a resent patch I am wondering if this broke something?

Can we disable the DPD on the vigor if so how?

P.S. While typing this message, someone has set up the same between the vigor and a 515E 6.3.3 and is getting the exact same problem.

Regards,

MONK

Please Log in or Create an account to join the conversation.

Moderators: ChrisSami