Configure the PIX Security Appliance as an Easy VPN Server
Task 10 – enable IKE dead peer detection

Dead peer detection (DPD) allows two IPSec peers to determine whether the other is still alive during the lifetime of a VPN connection. DPD is useful because a host may reboot, or the dialup link of a remote user may disconnect, without notifying the peer that the VPN connection has gone away. When the IPSec host determines that a VPN connection no longer exists, it can notify the user, attempt to switch to another IPSec host, or clean up valuable resources that were allocated for the peer that no longer exists.

A DPD peer can send DPD messages, reply to DPD messages, or both. DPD messages are unidirectional and are automatically sent by Cisco VPN clients. Unlike the old-style IKE keepalives, DPD is not required on both peers. DPD can be configured on just the remote, just the headend, or both, depending on the requirements. The isakmp keepalive command in tunnel-group ipsec-attributes configuration mode is used to enable the PIX Security Appliance gateway to send IKE DPD messages. The number of seconds between DPD messages can be configured. The number of seconds between retries if a DPD message fails can also be configured.
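The following configuration is an added example, not part of the original course text. It shows the isakmp keepalive command applied to a remote access tunnel group. The group name training and the timer values 20 and 5 are constructed for illustration.

```cisco
! Define a remote access tunnel group (name "training" is hypothetical)
tunnel-group training type ipsec-ra
!
! Enter ipsec-attributes configuration mode for that group
tunnel-group training ipsec-attributes
 ! Begin sending DPD messages after the peer has been idle for 20 seconds;
 ! if a DPD message goes unanswered, retry every 5 seconds
 isakmp keepalive threshold 20 retry 5
 exit
!
! From privileged EXEC mode, confirm the setting was stored for the group:
!   show running-config tunnel-group training
```

Because DPD is not required on both peers, this headend setting takes effect whether or not the remote client also sends DPD messages.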


Lab Activity

Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using ASDM

In this lab exercise, students will configure the PIX Easy VPN Server feature using the VPN Wizard. Students will then install and configure the Cisco VPN Client on the Student PC. Finally, students will verify and test the Cisco VPN Client remote access connection.

Lab Activity

Lab Exercise: Configure a Secure VPN Using IPSec between a PIX and a VPN Client using CLI

In this lab exercise, students will configure and verify the PIX Easy VPN Server feature using CLI. Students will then install and configure the Cisco VPN Client on a Microsoft Windows end-user PC. Finally, students will verify and test the Cisco VPN Client remote access connection.