Link to home
Start Free TrialLog in
Avatar of respawn
respawnFlag for Canada

asked on

What is DPD_REQUEST & DPD_ACK????

In my sonicwall logs I keep getting the same entries every minute.

05/26/2009 17:15:34.928 RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0xA5FADE55) *(HASH, NOTIFY:DPD_ACK) [my ip], 500 [thier ip], 500    
 
05/26/2009 17:15:34.880 SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x744FF034) *(HASH, NOTIFY:DPD_REQUEST) [their ip], 500 [my ip], 500    

Does anyone know what this means? I can't find anything on googl;e or in the Knowledge base on expert's exchange. I think this has something to do with a Site to Site vpn but am not sure. All I know is my remote site is having connection issues so I pulled this from their sonicwall. Using Sonicwall Standard 3.5 OS
ASKER CERTIFIED SOLUTION
Avatar of rscurley
rscurley

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of respawn

ASKER

This is coming up every minute if not less. Is that normal? I can't imagin it is. What could cause a firewall to go through this at least every single minute. I have other sites connected to the same sonicwall that doesn't give this in their logs.
Avatar of respawn

ASKER

Here's a copy of my log file. Is it normal for this to come up so often?

x.x.?.?  = wan ips
y.y.?.? = remote ips
z.z.?.? = local ips

1      5/27/2009 0:52      VPN TCP SYN      y.y..2.1, 80      z.z.0.9, 4501      
2      5/27/2009 0:51      DHCP Client got ACK from server.      75.157.64.254, 67      x.x.78.104, 68      x.x.78.104
3      5/27/2009 0:51      Sending DHCP REQUEST (Renewing).      x.x.78.104, 68      75.157.64.254, 67      x.x.78.104
4      5/27/2009 0:51      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x693ACE16) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
5      5/27/2009 0:51      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x55E719B7) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
6      5/27/2009 0:51      Broadcast packet dropped      y.y..2.105, 0, LAN      y.y..2.255, 46976, LAN      Protocol:138
7      5/27/2009 0:51      VPN TCP FIN      y.y..2.1, 80      z.z.0.9, 4485      
8      5/27/2009 0:51      VPN TCP PSH      z.z.0.9, 4485 (admin)      y.y..2.1, 80      
9      5/27/2009 0:51      VPN TCP SYN      y.y..2.1, 80      z.z.0.9, 4485      
10      5/27/2009 0:50      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x3E6DE91A) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
11      5/27/2009 0:50      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x7ABF6A04) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
12      5/27/2009 0:49      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x82AB3AB2) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
13      5/27/2009 0:49      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x15FE7A87) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
14      5/27/2009 0:48      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x952D5B1E) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
15      5/27/2009 0:48      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x3EE41B14) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
16      5/27/2009 0:48      VPN TCP FIN      y.y..2.106, 1442      z.z.0.15, 389      
17      5/27/2009 0:48      VPN TCP SYN      z.z.0.15, 135      y.y..2.106, 1439      
18      5/27/2009 0:48      Received fragmented packet or fragmentation needed      y.y..2.106      z.z.0.15      
19      5/27/2009 0:47      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x1157D83C) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
20      5/27/2009 0:47      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x4FED4EE0) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
21      5/27/2009 0:47      UDP packet dropped      221.209.110.103, 48461, WAN      x.x.78.104, 1026, WAN      UDP Port: 1026
22      5/27/2009 0:46      VPN TCP FIN      y.y..2.102, 2010      z.z.0.7, 80      
23      5/27/2009 0:46      VPN TCP PSH      y.y..2.102, 2010      z.z.0.7, 80      
24      5/27/2009 0:46      VPN TCP SYN      z.z.0.7, 80      y.y..2.102, 2010      
25      5/27/2009 0:46      Broadcast packet dropped      y.y..2.108, 0, LAN      y.y..2.255, 46976, LAN      Protocol:138
26      5/27/2009 0:46      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0xD47ED153) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
27      5/27/2009 0:46      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x50E07A99) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
28      5/27/2009 0:45      VPN zone administrator login allowed      z.z.0.9, 0, WAN (admin)      y.y..2.1, 80, LAN      admin, TCP Web (HTTP)
29      5/27/2009 0:45      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x3664594) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
30      5/27/2009 0:45      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x7A0918A4) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
31      5/27/2009 0:45      VPN TCP FIN      y.y..2.1, 80      z.z.0.9, 4168      
32      5/27/2009 0:45      VPN TCP PSH      y.y..2.1, 80      z.z.0.9, 4168      
33      5/27/2009 0:45      Broadcast packet dropped      y.y..2.105, 0, LAN      y.y..2.255, 46976, LAN      Protocol:138
34      5/27/2009 0:45      VPN TCP SYN      z.z.0.15, 49157      y.y..2.107, 1695      
35      5/27/2009 0:44      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0xB751494A) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
36      5/27/2009 0:44      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x6218EB58) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
37      5/27/2009 0:43      VPN TCP FIN      y.y..2.107, 1689      z.z.0.15, 389      
38      5/27/2009 0:43      VPN TCP SYN      z.z.0.15, 135      y.y..2.107, 1686      
39      5/27/2009 0:43      Received fragmented packet or fragmentation needed      y.y..2.107      z.z.0.15      
40      5/27/2009 0:43      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0xB34F88E9) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
41      5/27/2009 0:43      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x7F2CD09) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
42      5/27/2009 0:42      VPN TCP PSH      y.y..2.105, 4389      z.z.0.175, 445      
43      5/27/2009 0:42      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x7EB171CD) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
44      5/27/2009 0:42      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x73EACD31) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      
45      5/27/2009 0:42      TCP connection dropped      41.213.68.124, 60169, WAN      x.x.78.104, 6346, WAN      TCP Port: 6346
46      5/27/2009 0:42      VPN TCP FIN      y.y..2.105, 4386      z.z.0.15, 445      
47      5/27/2009 0:41      VPN TCP SYN      z.z.0.15, 139      y.y..2.105, 4385      
48      5/27/2009 0:41      Broadcast packet dropped      y.y..2.105, 0, LAN      y.y..2.255, 46976, LAN      Protocol:137
49      5/27/2009 0:41      RECEIVED<<< ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x216A3443) *(HASH, NOTIFY:DPD_ACK)      x.x.133.213, 500      x.x.78.104, 500      
50      5/27/2009 0:41      SENDING>>>> ISAKMP OAK INFO (InitCookie 0xefa8e314417a844c, MsgID: 0x5FF86B98) *(HASH, NOTIFY:DPD_REQUEST)      x.x.78.104, 500      x.x.133.213, 500      

log.txt
Avatar of Qlemo
DPD is a negotiated option. If the negotiation fails, no DPD will be used. The frequency of DPD is determined by configured and negotiated options. You should be able to change this in your tunnel configuration hence (on both sides!).
Avatar of respawn

ASKER

I guess I didn't fully understand the issue. I didn't know what DPD was or why it was appearing in the logs of one of my sonicwalls and not others. Turns out that in  Log > Categories 'Network Debug' was enabled which showed the DPD transactions. It had nothing to do with anything about why the VPN was goiung down. On that note, we did isolate the connection issue to the modem. All the dust was making it overheat and not work right. After we replaced the modem everythig worked just fine.

Thanks for the help.