I'm unable to reliably use DTLS through my home NAT router, and it seems like I ought to be able to do something about that. According to cisco (http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect20/release/notes/cvcrn200.html#wp728824) it seems like the client can request dpd and keepalive, as opposed to having the server say to use it. Do we know what headers are used to request that? Alternatively, does anyone know how to configure the server (an asa with 8.2(2)16) to tell the client to use keepalive/dpd? I may be able to get the people who own my vpn server to turn that on. Thanks. X-CSTP-Version: 1 X-CSTP-Address: ... X-CSTP-Netmask: ... X-CSTP-DNS: ... X-CSTP-NBNS: .... X-CSTP-Lease-Duration: 1209600 X-CSTP-Session-Timeout: none X-CSTP-Idle-Timeout: 86400 X-CSTP-Disconnected-Timeout: 86400 X-CSTP-Default-Domain: .... X-CSTP-Split-Include: ... X-CSTP-Keep: true X-CSTP-DPD: disabled X-CSTP-Smartcard-Removal-Disconnect: true X-CSTP-Content-Encoding: deflate X-DTLS-Session-ID:... X-DTLS-Port: 443 X-DTLS-DPD: disabled X-CSTP-MTU: 1406 X-DTLS-CipherSuite: DES-CBC3-SHA X-CSTP-Routing-Filtering-Ignore: false CSTP connected. DPD 0, Keepalive 0
