Hi All,
Can anyone explain to me what this statement is trying to convey?
show security ipsec sec-ass index XXX
Tunnel Down Reason: DPD failover
Direction: inbound,
Thanks in advance.
Regards,
Chandu
Hello Chandu,
DPD is the mechanism used to verify if the two peers have Active IKE SAs between them or not. In this mechanism, one device sends DPD_R_U_THERE messages & the other device responds with DPD_R_U_THERE_ACK. If one of the devices fails to receive the DPD_R_U_THERE_ACK packet for, say, 3 or 4 times (the duration is a configurable parameter), the device marks Phase 1 & Phase 2 SAs with the peer as down.
The 'show security ipsec security-association index <XXXXX>' command will show the reason as 'Tunnel Down Reason: DPD failover'.
DPD can fail for many reasons, like a problem in the patch, DPD misconfiguration etc.
Rushi
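The probe/ACK counting described in the reply above, as an added Python sketch that is not part of the original thread and is not Junos code. The threshold of 3, the per-interval `tick()` driver, and the rule that only an ACK echoing the outstanding sequence number resets the counter (modeled on RFC 3706) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

DOWN_REASON = "DPD failover"  # reason string quoted from the command output in this thread

@dataclass
class DpdMonitor:
    threshold: int = 3          # assumed: unanswered probes tolerated before teardown
    missed: int = 0             # consecutive probes that got no valid ACK
    seq: int = 0                # sequence number of the last DPD_R_U_THERE sent
    awaiting_ack: bool = False  # True while the last probe is still unanswered
    phase1_up: bool = True
    phase2_up: bool = True
    down_reason: Optional[str] = None

    def tick(self) -> Optional[int]:
        """Run once per DPD interval; returns the probe sequence sent, or None if SAs are down."""
        if not self.phase1_up:
            return None
        if self.awaiting_ack:            # the previous probe was never answered
            self.missed += 1
            if self.missed >= self.threshold:
                # Threshold crossed: mark Phase 1 and Phase 2 SAs with the peer as down.
                self.phase1_up = self.phase2_up = False
                self.down_reason = DOWN_REASON
                return None
        self.seq += 1                    # send the next DPD_R_U_THERE
        self.awaiting_ack = True
        return self.seq

    def receive_ack(self, ack_seq: int) -> bool:
        """Handle DPD_R_U_THERE_ACK; stale or unsolicited ACKs do not prove liveness."""
        if not self.phase1_up or not self.awaiting_ack or ack_seq != self.seq:
            return False
        self.awaiting_ack = False
        self.missed = 0                  # peer is alive, so the counter starts over
        return True

def run(acks, threshold: int = 3) -> DpdMonitor:
    """Drive a monitor through a constructed schedule: acks[i] is True if probe i is answered."""
    m = DpdMonitor(threshold=threshold)
    for answered in acks:
        seq = m.tick()
        if seq is None:
            break
        if answered:
            m.receive_ack(seq)
    m.tick()                             # close out the final interval
    return m
```

A schedule such as `run([False, False, True, False, False])` leaves the tunnel up because the single valid ACK resets the counter, while `run([False, False, False])` ends with both SAs down and `down_reason` set to `DPD failover`.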
So do you mean to say that seeing the statement "Tunnel Down Reason: DPD failover" on a device means that the current device has not received the ACK from the peer, it crossed the threshold, and then it brought down the tunnel?
Am I correct?
Hello,
That is correct.