https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260221#M73764 <P>this means the remote end was not able to respond to the R-U-THERE packet</P> <P>&nbsp;</P> <P>this is like a heartbeat but with a little more 'intelligence': a ping heartbeat may be replied to by a system that is in a crashed state, while a isakmp r-u-there requires the host to lookup it's SA and formulate a reply. if DPD determines the remote end did not reply, the remote peer is identified as down</P> Wed, 08 May 2019 07:49:17 GMT reaper 2019-05-08T07:49:17Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/259864#M73650 <P>&nbsp;</P><P>I was reading this KB article about DPD</P><P>&nbsp;</P><P>&nbsp;</P><P>does this mean that say when phase 1 is down or its lifetime expires will DPD will come into play?</P><P>&nbsp;</P><P>or&nbsp;</P><P>&nbsp;</P><P>when when phase 1 is red and phase 2 about to expire rekey will happen for phase 2 then DPD will come into play?</P> Sat, 04 May 2019 16:34:46 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/259864#M73650 MP18 2019-05-04T16:34:46Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260084#M73714 <P>hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/75039">@MP18</a>&nbsp;</P> <P>Which article exactly?</P> <P>&nbsp;</P> <P>please read this one:&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFaCAK" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFaCAK</A></P> <P>&nbsp;</P> <P><SPAN>DPD is used to detect if the peer device still has a valid IKE-SA. Periodically, it will send a “ISAKMP R-U-THERE” packet to the peer, which will respond back with an “ISAKMP R-U-THERE-ACK” acknowledgement.</SPAN></P> <P>&nbsp;</P> <P><SPAN>so to both your questions: no</SPAN></P> <P><SPAN>DPD is used to check on a healthy tunnel from the moment it is established</SPAN></P> Tue, 07 May 2019 08:09:46 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260084#M73714 reaper 2019-05-07T08:09:46Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260210#M73755 <P>On system log i see if i filter via</P><P>&nbsp;</P><P>( subtype eq vpn ) and ( severity eq low)</P><P>&nbsp;</P><P>description contains 'IKE phase-1 SA is down determined by DPD.' ) and ( eventid eq ike-nego-p1-dpd-dn )</P><P>&nbsp;</P><P>Does this mean that if phase 1 is down DPD will inform us?</P><P>&nbsp;</P><P>Curious to understand this log?</P> Wed, 08 May 2019 03:13:35 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260210#M73755 MP18 2019-05-08T03:13:35Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260221#M73764 <P>this means the remote end was not able to respond to the R-U-THERE packet</P> <P>&nbsp;</P> <P>this is like a heartbeat but with a little more 'intelligence': a ping heartbeat may be replied to by a system that is in a crashed state, while a isakmp r-u-there requires the host to lookup it's SA and formulate a reply. if DPD determines the remote end did not reply, the remote peer is identified as down</P> Wed, 08 May 2019 07:49:17 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260221#M73764 reaper 2019-05-08T07:49:17Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260322#M73789 <P>so does this mean that even if phase 1 is up and for some reason it is normail to see this message?</P><P>&nbsp;</P><P>when we do not get DPD ask from neighbour device can we assume that phase 1 is down?</P> Thu, 09 May 2019 05:24:36 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260322#M73789 MP18 2019-05-09T05:24:36Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260530#M73854 <P>Please answer my last question</P> Fri, 10 May 2019 16:40:26 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260530#M73854 MP18 2019-05-10T16:40:26Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260591#M73863 If phase 1 is up and you get a DPD error, phase 1 will not stay up for long anymore as there is an SA mismatch or the remote peer is down<BR />If the remote end stops sending DPD heartbeats, it has likely torn down the tunnel, or has died Fri, 10 May 2019 22:09:26 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260591#M73863 reaper 2019-05-10T22:09:26Z https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260603#M73866 <P>Many Thanks Reaper</P> Sat, 11 May 2019 05:29:48 GMT https://live.paloaltonetworks.com/t5/general-topics/the-dpd-is-quot-not-persistent-quot-and-is-only-triggered-by-a/m-p/260603#M73866 MP18 2019-05-11T05:29:48Z