I was preparing for the ISCW paper when a question appeared in front of me, and I was unable to identify what it was asking about, as I saw the term DPD for the first time. The question was:
Q: What are the default parameters when configuring backup IPSec VPN with Cisco IOS Release 12.2(8)T or later?
Ans: DPD Hello messages are sent every 10 seconds if the router has traffic to send
After this I googled the DPD term and came to know the following information about DPD.
With all things Cisco, we just have to have a keepalive, and with our IPSec peers, that keepalive is Dead Peer Detection.
I feel silly telling you what DPD does, since if any networking feature has a "the name is the recipe" name, it's this one! As with any keepalive, there are a few basics we need to know...
The CCNP exams generally aren't IOS-version specific, certainly not like the CCIE exams are, but we should know that DPD was introduced with IOS version 12.3(7)T. Older IOS versions do not use DPD, obviously, and you may run into routers with earlier IOS versions out in the field.
According to Cisco's website, the following devices support DPD:
* The Cisco VPN 3000 concentrator
* Cisco PIX firewalls
* Cisco VPN client
* Easy VPN Remote
* Easy VPN Server
DPD can run in two different ways, the default setting and "on-demand". The default setting is much like the routing protocol hellos we've studied in the past. According to Cisco's website, the router will send a DPD Hello every 10 seconds "unless the router receives a hello message from the peer".
As with routing protocols, the drawback of the regularly-scheduled hello packet is that it results in more packets to be processed - and in this case, encrypted and decrypted. That's why DPD offers an on-demand configuration where a router will send a DPD Hello only in advance of sending traffic to a peer.
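The trade-off between the two modes can be seen in a small model. This is an added example, not part of the original post and not Cisco code: the function `simulate`, the traffic timeline, and the limit of three unanswered hellos are assumptions, and retry timers are left out; only the 10-second interval comes from the text above.

```python
# Simplified model of the two DPD modes described above (constructed example).
INTERVAL = 10      # seconds between hellos, the figure quoted on this page
MAX_MISSES = 3     # assumed: unanswered hellos before the peer is declared dead


def simulate(mode, outbound, dead_at, duration):
    """Return (hellos_sent, detected_at); detected_at is None if never declared dead.

    mode      -- "periodic" or "on-demand"
    outbound  -- seconds at which this router has traffic to send to the peer
    dead_at   -- second at which the peer stops answering
    """
    outbound = set(outbound)
    hellos = misses = 0
    last_heard = 0  # last second at which the peer proved it was alive
    for t in range(1, duration + 1):
        if mode == "periodic":
            probe = t % INTERVAL == 0
        else:
            # on-demand: probe only ahead of outbound traffic, and only if
            # the peer has been silent for at least one interval
            probe = t in outbound and t - last_heard >= INTERVAL
        if not probe:
            continue
        hellos += 1
        if t < dead_at:
            last_heard, misses = t, 0
        else:
            misses += 1
            if misses == MAX_MISSES:
                return hellos, t
    return hellos, None


# Constructed timeline: two bursts of traffic, peer fails at t=125 between them.
OUTBOUND = list(range(5, 20)) + list(range(200, 215))
DEAD_AT, DURATION = 125, 300

if __name__ == "__main__":
    for mode in ("periodic", "on-demand"):
        sent, detected = simulate(mode, OUTBOUND, DEAD_AT, DURATION)
        print(f"{mode:9}  hellos={sent:2}  peer declared dead at t={detected}")
```

On this timeline the periodic mode sends 15 hellos and notices the failure at t=150, while on-demand sends 4 and notices only at t=202, once there is traffic to send again. That delay is what matters when a backup VPN peer depends on DPD to trigger failover.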
The second keepalive method is simply the keepalive method of the routing protocol you're using over the VPN. Of course, that timer depends on whether you're running RIP, OSPF, or EIGRP.
DPD can also be used as a mechanism to detect IPSec GRE tunnel failures.
Hope it will be informative.