Configuring the IKEv2 DPD feature

IKEv2 DPD detects dead IKEv2 peers in periodic or on-demand mode.

Periodic IKEv2 DPD—Verifies the liveness of an IKEv2 peer by sending DPD messages at regular intervals.
On-demand IKEv2 DPD—Verifies the liveness of an IKEv2 peer by sending DPD messages before sending data.
- Before the device sends data, it identifies the time interval for which the last IPsec packet has been received from the peer. If the time interval exceeds the DPD interval, it sends a DPD message to the peer to detect its liveliness.
- If the device has no data to send, it never sends DPD messages.

If you configure IKEv2 DPD in both IKEv2 profile view and system view, the IKEv2 DPD settings in IKEv2 profile view apply. If you do not configure IKEv2 DPD in IKEv2 profile view, the IKEv2 DPD settings in system view apply.

To configure global IKEv2 DPD:

Step	Command	Remarks
1. Enter system view.	system-view	N/A
2. Configure global IKEv2 DPD.	ikev2 dpd interval interval [ retry seconds ] { on-demand \| periodic }	By default, global DPD is disabled.

prev	up	next
Enabling the cookie challenging feature	home	Configuring the IKEv2 NAT keepalive feature