Huawei quidway s7700 Configuration Manual page 138

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU
The new global lifetime does not affect the IPSec policies that have their own lifetime or the
SAs that have been established. The new global lifetime will be used to establish new SAs during
IKE negotiation.
Step 3 Run:
ike heartbeat-timer interval interval
The interval for sending heartbeat packets is set.
Step 4 Run:
ike heartbeat-timer timeout interval
The timeout interval of heartbeat packets is set.
If the interval for sending heartbeat packets is set on one end, the timeout interval of heartbeat
packets must be set on the other end.
On a network, packet loss rarely occurs consecutively more than three times. Therefore, the
timeout interval of heartbeat packets on one end can be set to three times the interval for sending
heartbeat packets on the other end.
Step 5 Run:
ike nat-keepalive-timer interval interval
The interval for sending NAT keepalive packets is set.
Step 6 Run:
ipsec anti-replay { enable | disable }
The anti-replay function is enabled.
Step 7 Run:
ike peer
The IKE peer view is displayed.
Step 8 Run:
local-address address
The IP address of the local end is configured.
Step 9 Run following commands to configure the dead peer detection (DPD) function.
l
l
l
----End
Issue 01 (2011-07-15)
Run:
dpd { idle-time seconds | retransmit-interval seconds | retry-limit times }
The idle time for DPD, retransmission interval of DPD packets, and maximum number of
retransmissions are set.
Run:
dpd msg { seq-hash-notify | seq-notify-hash }
The sequence of payload in DPD packets is configured.
Run:
dpd type { on-demand | periodic }
The DPD mode is configured.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 IPSec Configuration
127