DPD method and equipment based on IPsec

The invention discloses a DPD (Dead Peer Detection) method and equipment based on IPsec (Internet Protocol Security). The method comprises the steps that detecting equipment selects a finally negotiated IKESA (Internet Key Exchange Security Association) from a plurality of IKESAs when the IKESAs corresponding to detected equipment exist on the detecting equipment, conducts encryption processing on a DPD request message by the selected IKESA, and sends the DPD request message to the detected equipment; if the detecting equipment receives a DPD response message, the detecting equipment conducts decryption processing on the DPD response message; if the decryption is successful, the detected equipment exists; and if the decryption is unsuccessful or no DPD response message is received, the detected equipment does not exist. With the adoption of the method and the equipment, CPU (Central Processing Unit) resources can be saved.