dpd packet receive if-related enable

Function

The dpd packet receive if-related enable command enables the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA.

The undo dpd packet receive if-related enable command disables the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA.

By default, the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA is disabled.

Format

dpd packet receive if-related enable

undo dpd packet receive if-related enable

Parameters

N/A

Views

IKE peer view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When IPSec policies with different names but the same parameters are applied to multiple interfaces of the device and post-IPSec check is enabled, an interface switchover can cause encrypted traffic to arrive on an interface other than the one that established the IPSec SA, and the device discards that traffic. The DPD detection result for the IKE peer nevertheless remains normal, so IKE re-negotiation is not triggered and services are interrupted for a long period of time. To avoid this, run the dpd packet receive if-related enable command to enable the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA. If the two interfaces are different, DPD packets are discarded and the DPD detection result becomes abnormal. This causes the IPSec SA to be deleted and triggers IKE re-negotiation.

Precautions

This function applies only to the scenario where IPSec policies have been applied to physical interfaces.

The command configuration in the IKE peer view takes precedence over that in the system view. When there is no command configuration in the IKE peer view, the command configuration in the system view takes effect.

Example

# Enable the function that checks whether the interface that receives DPD packets is the interface that establishes an IPSec SA.

<sysname> system-view
[sysname] ike peer test
[sysname-ike-peer-test] dpd packet receive if-related enable
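
The following Python model is an added illustration, not vendor code or device output. It replays the switchover from the Usage Scenario with the check disabled and enabled, and applies the precedence rule from Precautions. The interface names, the DPD retry limit of 3 and all class and function names are assumptions made for the model.

```python
from dataclasses import dataclass
from typing import Optional

DPD_RETRY_LIMIT = 3  # assumed for this model; the page does not state a value


@dataclass
class Gateway:
    """Toy model of one IKE peer on the local device (hypothetical names)."""
    system_check: bool = False           # system-view setting
    peer_check: Optional[bool] = None    # IKE-peer-view setting; None = not configured
    post_ipsec_check: bool = True
    sa_interface: Optional[str] = "GE0/0/1"  # constructed interface name
    dpd_failures: int = 0
    renegotiations: int = 0

    def if_related_check(self) -> bool:
        # IKE peer view takes precedence; fall back to system view when unset.
        return self.system_check if self.peer_check is None else self.peer_check

    def receive_esp(self, ifname: str) -> bool:
        """Return True if encrypted traffic arriving on ifname is accepted."""
        if self.sa_interface is None:
            return False
        return not self.post_ipsec_check or ifname == self.sa_interface

    def receive_dpd(self, ifname: str) -> bool:
        """Process one DPD packet; return True if it counts as a live peer."""
        if self.sa_interface is None:
            return False
        if self.if_related_check() and ifname != self.sa_interface:
            self.dpd_failures += 1           # DPD packet discarded
            if self.dpd_failures >= DPD_RETRY_LIMIT:
                self.sa_interface = None     # detection abnormal: SA deleted
            return False
        self.dpd_failures = 0
        return True

    def renegotiate(self, ifname: str) -> None:
        """IKE re-negotiation binds a new SA to the interface now in use."""
        self.sa_interface, self.dpd_failures = ifname, 0
        self.renegotiations += 1


def simulate_switchover(gw: Gateway, new_if: str, rounds: int = 10) -> dict:
    """After traffic moves to new_if, run DPD rounds and count dropped packets."""
    dropped = 0
    for _ in range(rounds):
        gw.receive_dpd(new_if)
        if gw.sa_interface is None:
            gw.renegotiate(new_if)
        dropped += 0 if gw.receive_esp(new_if) else 1
    return {"dropped": dropped, "renegotiations": gw.renegotiations}
```

With the check disabled the model drops traffic in every round and never re-negotiates. With it enabled the drops stop once the retry limit is reached and a new SA is bound to the new interface.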
Copyright © Huawei Technologies Co., Ltd.