Home   | CCNA Certification  |   CCNP Training   | CompTIA |  Boot Camps  |  Free Tutorials   | MS Vista | About Me
 

Get My Exclusive FREE 7-Part Report,
"How To Pass The CCNA", Daily FREE
Cisco And CompTIA Exam Questions,
And All The Latest Certification News
In My Daily Newsletter!

Privacy Policy

Name:
Email:
  More Testimonials >
Visit my blog for free daily Cisco CCNA and CCNP certification questions, my latest free articles and tutorials, and more!


 

Cisco CCNP ISCW Exam Tutorial

Dead Peer Detection - Default And "On-Demand"

By Chris Bryant, CCIE #12933

With all things Cisco, we just have to have a keepalive, and with our IPSec peers, that keepalive is Dead Peer Detection.  (There's a second keepalive as well that I'll mention after the DPD discussion.)

I feel silly telling you what the DPD does, since if any networking feature has a "the name is the recipe" name, it's this one!  As with any keepalive, there are a few basics we need to know....

The CCNP exams generally aren't IOS-version specific, certainly not like the CCIE exams are, but you should know that DPD was introduced with IOS version 12.3(7)T.  Older IOS versions do not use DPD, obviously, and you may run into routers with earlier IOS versions out in the field.

According to Cisco's website, the following devices support DPD:

  • The Cisco VPN 3000 concentrator
  • Cisco PIX firewalls
  • Cisco VPN client
  • Easy VPN Remote
  • Easy VPN Server

DPD can run in two different ways, the default setting and "on-demand".  The default setting is much like the routing protocol hellos we've studied in the past.  According to Cisco's website, the router will send a DPD Hello every 10 seconds "unless the router receives a hello message from the peer".  

Dead Peer Detection Default

As with routing protocols, the drawback of the regularly-scheduled hello packet is that it results in more packets to be processed - and in this case, encrypted and decrypted.  That's why DPD offers an on-demand configuration where a router will send a DPD Hello only in advance of sending traffic to a peer. 

Dead Peer Detection On-Demand

The second keepalive method is simply the keepalive method of the routing protocol you're using over the VPN. Of course, that timer depends on whether you're running RIP, OSPF, or EIGRP - so you better review your CCNA studies and have those timers down cold!

We'll continue our discussion of VPNs in the next installment of my CCNP ISCW exam tutorial series -- and in the meantime, learn more about my ISCW Study Package and The Ultimate CCNP Study Package Bundle, which covers all four CCNP exams, and be totally prepared for CCNP exam success!

To your success,

Chris Bryant

CCIE #12933

chris@thebryantadvantage.com

 

 

The Ultimate CCNA Study Package | The Ultimate CCNA Study Guide

Binary Math And Subnetting Mastery

Cisco Rack Rentals

CCNP BSCI Exam Study Package

CCNP BCMSN Exam Study Package

CCNP BCRAN Exam Study Package

CCNP CIT Exam Study Package | CCNP BSCI Exam Study Guide

CCNA CBT Video Boot Camp | CCNP BSCI Video Boot Camp

Cisco Training Tutorials And Cisco Certification Articles

CCNP CBT BCMSN Video Boot Camp | CCNP CBT BCRAN Video Boot Camp

CompTIA Network+ Exam Study Package

CompTIA Security+ Exam Study Package

CompTIA A + Certification Exam Study Package

CCNA Training Store | CCNP Certification Training Store

CompTIA Certification Training Store

Cisco Lab Router And Switch Home Lab Help

Site Map | Home Page | Testimonials

Microsoft Windows Vista Certification Updates And News

The Bryant Advantage Blog | About Chris Bryant, CCIE #12933