Dead Peer Detection (DPD) is a method of detecting a dead Internet Key Exchange (IKE) peer. The method uses IPsec traffic patterns to minimize the number of messages required to confirm the availability of a peer. DPD is used to reclaim the lost resources in case a peer is found dead and it is also used to perform IKE peer failover.
How does it work ?
When DPD is enabled, VPN device sends IPsec DPD packet “R_U_THERE” to other peer and waits ACK packet of it. If there is no feedback from the other peer, it disconnects the IPsec tunnel. Before VPN devices negotiate, you should decide to use DPD or not.