Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Enable the device to use dead peer detection (DPD). DPD is a method used by devices to verify the current existence and availability of IPsec peers. A device performs this verification by sending encrypted IKE Phase 1 notification payloads (R-U-THERE messages) to a peer and waiting for DPD acknowledgements (R-U-THERE-ACK messages) from the peer.



Specify the amount of time that the peer waits for traffic from its destination peer before sending a dead-peer-detection (DPD) request packet.

  • Default: 10 seconds

  • Range: 2 through 60 seconds


Instructs the device to send dead peer detection (DPD) requests regardless of whether there is outgoing IPsec traffic to the peer.


Send dead peer detection (DPD) messages if there is no incoming IKE or IPsec traffic within the configured interval after outgoing packets are sent to the peer. This is the default DPD mode.


Send dead peer detection (DPD) messages during idle traffic time between peers.


Specify the maximum number of unsuccessful dead peer detection (DPD) requests to be sent before the peer is considered unavailable.

  • Default: 5

  • Range: 1 through 5

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support for the optimized and probe-idle-tunnel options added in Junos OS Release 12.1X46-D10.

Support for multiple peer addresses in DPD configuration with IPsec VPN running iked process is introduced in Junos OS Release 23.4R1.