3Com Router 3000 Ethernet Family
Configuration Guide
Table 8-18 Configure timeout waiting time for Keepalive packet
Configure ISAKMP SA timeout time
for waiting Keepalive packet
Disable this function
IKE maintains this ISAKMP SA link status through this packet. If the peer Keepalive
packet is not received within configured timeout time, the ISAKMP SA and its
corresponding IPSec SA will be deleted. Therefore, configured timeout time should be
longer than Keepalive packet transmission time.
On the network, packet loss will rarely exceed 3 times, so timeout time can be
configured to be 3 times as long as Keepalive packet transmission time interval of the
peer.
By default, this function is invalid.
8.3 Displaying and Debugging IKE
After the above configuration, execute display command in all views to display the
running of the IKE configuration, and to verify the effect of the configuration.
Execute debugging and reset commands in user view.
Table 8-19 Display and debug IKE
Display the current established security
channel
Display the parameters of each IKE
proposal configuration.
Display the configuration of IKE peers
Delete a security channel
Enable the information debugging of IKE
Disable the information debugging of
IKE
You can delete a specified security channel by specifying SA connection-id which can
be displayed by executing the display ike sa command. So far as the same security
channel (that is, the same remote end) is concerned, the connection-id information
includes the information at stage 1 and the information at stage 2.
Operation
Operation
3Com Corporation
8-12
Chapter 8 IKE Configuration
Command
ike sa keepalive-timer timeout seconds
undo ike sa keepalive-timer timeout
Command
display ike sa [ verbose]
display ike proposal
display ike peer
reset ike sa [ connection-id ]
debugging ike { all | error | exchange |
message | misc | transport }
undo debugging ike { all | error |
exchange
|
message
transport }
|
misc|