[c-nsp] DPD dead peer detection

Terry Baranski tbaranski at mail.com
Sat Aug 2 15:31:09 EDT 2008


Stefan,

You're right -- DPD is just a keepalive.  It sounds like what you want is
two "set peer" statements in Router-B's crypto-map.  If you have recent
enough code you can put the "default" command after the ISP1 peer statement
to make it the primary.  If not, I don't know of a way to always prefer one
peer over the other -- in my experience the first peer in a crypto-map isn't
always the one used (at the very least, the failover behavior seems to be
non-revertive).

I think you'll still want to use DPD in this scenario for reliable failure
detection -- it should allow Router-B to switch peers faster during a
failure.

-Terry

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Stefan Hegger
> Sent: Friday, August 01, 2008 6:04 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] DPD dead peer detection
> 
> 
> Hi,
> 
> Probably someone can help me to answer the following question.
> 
> I have a VPN router (Router_a) with 2 interfaces connected to 2 ISPs
> with 2 IPs and I have a home office with a small VPN router (Router_b)
> connected to one ISP with one interface and one IP.
> 
> Now I want to use DPD to check which route to use to connect from
> Router_b to Router_a. ISP1 is the default, ISP2 is backup.
> 
> As far as I understand DPD is a keepalive to check if a peer is up and
> switches between peers and does not do anything with the routing. So it
> checks only if the key exchange works and peer is established within
> same tunnel. If it is like that, I cannot use DPD to solve my problem
> and should use track and ip sla monitor.
> 
> Best Stefan 
> -- 
> Stefan Hegger
> Internet System Engineer
> 
> 
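
A sketch of the Router_b configuration the reply describes, added here as an illustration and not taken from either poster: two "set peer" statements with the ISP1 address marked "default", plus DPD for failure detection. The addresses (RFC 5737 documentation ranges), the crypto-map, transform-set and ACL names, the interface and the DPD timers are all assumptions; the ISAKMP policy and pre-shared keys are omitted.

```cisco
! Assumed addressing (placeholders, not from the thread):
!   Router_a via ISP1 = 192.0.2.1      (preferred peer)
!   Router_a via ISP2 = 198.51.100.1   (backup peer)
!   Home-office LAN 10.2.0.0/24, central LAN 10.1.0.0/24
!
! DPD: send R-U-THERE every 10 s, retry 3 times at 3 s intervals.
! "periodic" probes even when the tunnel is idle, so a dead peer
! is noticed before traffic has to wait for it.
crypto isakmp keepalive 10 3 periodic
!
crypto ipsec transform-set TS-AES esp-aes 256 esp-sha-hmac
!
! Traffic to protect: home-office LAN to central LAN
access-list 101 permit ip 10.2.0.0 0.0.0.255 10.1.0.0 0.0.0.255
!
crypto map VPN-TO-A 10 ipsec-isakmp
 ! ISP1 address, marked as the preferred peer (needs code that
 ! supports the "default" keyword)
 set peer 192.0.2.1 default
 ! ISP2 address, tried when DPD declares the first peer dead
 set peer 198.51.100.1
 set transform-set TS-AES
 match address 101
!
! Hypothetical WAN interface name
interface FastEthernet0/0
 crypto map VPN-TO-A
```

After a test failover, "show crypto isakmp sa" and "show crypto session" show which of the two peer addresses the tunnel is currently built to.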


