Solved: Re: Check Point DPD (Dead Peer Detection) - Questi...

Marcel_Gramalla · ‎2019-03-21

Hi all,

I have two questions regarding the Dead Peer Detection between our Check Point Cluster and other existing VPN connections to non-Check Point Gateways.

1. Does enabling DPD (Responder Mode) has any impact on existing VPN connections? Can I enable it "on-the-fly" without having any disconnects to the VPN? I haven't found an answer on that yet.

2. If I change a VPN community with non-Check Point Gateways to "Permanent Tunnels" in order to active DPD with GuiDBedit does this have any impact on existing connections?

Thanks in advance for any help

Nick_Doropoulos · ‎2019-10-08

Yes, there is. You can check with the GuiDBedit tool under Network Objects >> network_objects:

I hope this helps.

View solution in original post

Jerry · ‎2019-03-21

quickly though:

Ad.1 - it will re-estab SA/SPI indeed
Ad.2. - it will re-estab the tunnel

ps. any changes to the proxy-id or any crypt.conf params will re-key and re-estab SA/SPI

Jerry

Marcel_Gramalla · ‎2019-03-21

Thanks for the quick reply. That means that we have to announce it so that if there is any issue our partners know about it.

Jerry · ‎2019-03-21

it will in 100% impact/affect an existing tunnel(s) so yes, that should be announced and planed for so called "maintenance window" 🙂

cheers

Jerry

Ravindra_Katrag · ‎2019-09-11

Is there any way to check if DPD is enabled?

Nick_Doropoulos · ‎2019-10-08

Yes, there is. You can check with the GuiDBedit tool under Network Objects >> network_objects:

I hope this helps.

View solution in original post

Ravindra_Katrag · ‎2019-10-31

Thank you

Nick_Doropoulos · ‎2019-11-04

My pleasure!

nagaraja_cs · ‎2019-11-05

Can we achieve VPN redundancy with 3rd party Gateways by enabling DPD(In R80.10 or R80.20) ?

Check Point DPD (Dead Peer Detection) - Questions