Huawei AR1200 series Configuration Manual page 311

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN
The new global lifetime does not affect the IPSec policies that have their own lifetime or the
SAs that have been established. The new global lifetime will be used to establish new SAs during
IKE negotiation.
Step 3 Run:
ike heartbeat-timer interval interval
The interval for sending heartbeat packets is set.
Step 4 Run:
ike heartbeat-timer timeout interval
The timeout interval of heartbeat packets is set.
If the interval for sending heartbeat packets is set on one end, the timeout interval of heartbeat
packets must be set on the other end.
On a network, packet loss rarely occurs consecutively more than three times. Therefore, the
timeout interval of heartbeat packets on one end can be set to three times the interval for sending
heartbeat packets on the other end.
Step 5 Run:
ike nat-keepalive-timer interval interval
The interval for sending NAT keepalive packets is set.
Step 6 Run:
ipsec anti-replay { enable | disable }
The anti-replay function is set.
Step 7 Run:
ipsec df-bit { clear | set | copy }
The DF flag bit is set on the IPSec tunnel.
Step 8 Run:
ipsec fragmentation before-encryption
The fragmentation mode of IPSec packets is set.
Step 9 Run:
ike peer
The IKE peer view is displayed.
Step 10 Run:
local-address address
The IP address of the local end is configured.
Step 11 Run following commands to configure the dead peer detection (DPD) function.
l
l
Issue 01 (2012-04-20)
Run:
dpd { idle-time seconds | retransmit-interval seconds | retry-limit times }
The idle time for DPD, retransmission interval of DPD packets, and maximum number of
retransmissions are set.
Run:
dpd msg { seq-hash-notify | seq-notify-hash }
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
5 IPSec Configuration
300