Dead Peer Detection
Dead peer detection (DPD) enables two IPSec peers to determine whether the other is still
“alive” during the lifetime of the VPN connection. This functionality is useful for reclaiming
valuable VPN resources that are allocated to a peer that no longer exists.
A Cisco VPN device can be configured to send and reply to DPD messages. DPD messages
are sent when no other traffic is traversing the IPSec tunnel. If a configured amount of time
passes without a DPD message, a dead peer can be detected. DPD messages are
unidirectional and automatically sent by Cisco VPN Clients. DPD is configured on the
server only if the server wishes to send DPD messages to VPN Clients to assess their health.
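
The timing behavior described above can be modeled in a few lines. This is an added example, not Cisco code: the class, the timer names and the values are constructed for illustration, and the probe/reply exchange follows the general R-U-THERE / R-U-THERE-ACK scheme of RFC 3706 with replies assumed to arrive instantly.

```python
"""Toy model of DPD timing; timer names and values are constructed, not Cisco defaults."""

class DpdMonitor:
    def __init__(self, idle_interval, retry_interval, max_retries):
        self.idle_interval = idle_interval    # silence (s) before the first probe
        self.retry_interval = retry_interval  # wait (s) between unanswered probes
        self.max_retries = max_retries        # unanswered probes before giving up
        self.last_heard = 0
        self.last_probe = 0
        self.unanswered = 0
        self.dead_at = None
        self.probes = []

    def on_inbound(self, now):
        # Any inbound packet from the peer (tunnel traffic or a DPD reply) proves liveness.
        self.last_heard = now
        self.unanswered = 0

    def tick(self, now):
        """Advance to time `now`; return True if a probe was sent."""
        if self.dead_at is not None:
            return False
        if self.unanswered == 0:
            # Probe only when the tunnel has been silent for the idle interval.
            due = now - self.last_heard >= self.idle_interval
        else:
            due = now - self.last_probe >= self.retry_interval
            if due and self.unanswered >= self.max_retries:
                self.dead_at = now  # here a gateway would tear down the peer's SAs
                return False
        if due:
            self.probes.append(now)
            self.last_probe = now
            self.unanswered += 1
        return due


def simulate(monitor, traffic_times, peer_alive_until, end):
    """Run the monitor over [0, end]; the peer answers probes instantly while alive."""
    for now in range(end + 1):
        alive = now <= peer_alive_until
        if alive and now in traffic_times:
            monitor.on_inbound(now)
        if monitor.tick(now) and alive:
            monitor.on_inbound(now)
    return monitor.probes, monitor.dead_at
```

In this model a peer that vanishes is detected within idle_interval + max_retries × retry_interval seconds, and a tunnel that is carrying traffic never generates a probe.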