Ike Dpd - HPE FlexNetwork HSR6800 Security Command Reference


If the ID type of FQDN is used, configure a name without any at sign (@) for the local security
gateway, for example, foo.bar.com. If the ID type of user FQDN is used, configure a name with an at
sign (@) for the local security gateway, for example, test@foo.bar.com.
Examples
# Use the ID type of name during IKE negotiation.
<Sysname> system-view
[Sysname] ike peer peer1
[Sysname-ike-peer-peer1] id-type name
Related commands
local-name
ike local-name
remote-name
remote-address
local-address
exchange-mode

ike dpd

Use ike dpd to create a DPD detector and enter IKE DPD view.
Use undo ike dpd to remove a DPD detector.
Syntax
ike dpd dpd-name
undo ike dpd dpd-name
Views
System view
Default command level
2: System level
Parameters
dpd-name: Specifies the name for the DPD detector, a string of 1 to 32 characters.
Usage guidelines
DPD detects dead IKE peers on demand rather than at regular intervals. It works as follows:
1. When the local end sends an IPsec packet, it checks the time the last IPsec packet was received from the peer.
2. If the time interval exceeds the DPD interval, it sends a DPD hello to the peer.
3. If the local end receives no DPD acknowledgement within the DPD packet retransmission interval, it retransmits the DPD hello.
4. If the local end still receives no DPD acknowledgement after having made the maximum number of retransmission attempts (two by default), it considers the peer dead, and clears the IKE SA and the IPsec SAs based on the IKE SA.
DPD enables an IKE entity to check the liveness of its peer only when necessary. It generates less
traffic than the keepalive mechanism, which exchanges messages periodically.
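The four steps above can be traced with a small simulation. This is an added example, not code from the HPE documentation or the device: the class and function names, the 10-second DPD interval, the 5-second retransmission interval, and the rule that an acknowledgement counts as peer activity are assumptions; only the default of two retransmission attempts comes from the text.

```python
from dataclasses import dataclass, field

@dataclass
class DpdDetector:
    interval: float           # DPD interval in seconds (constructed value)
    retransmit: float         # DPD packet retransmission interval (constructed value)
    max_retries: int = 2      # retransmission attempts; the page gives two as the default
    last_rx: float = 0.0      # time the last packet was received from the peer
    peer_dead: bool = False
    log: list = field(default_factory=list)

    def on_receive(self, now):
        self.last_rx = now

    def on_send(self, now, peer_answers):
        """Steps 1-4, run when the local end sends an IPsec packet.
        peer_answers(t) is a hypothetical stand-in for the remote end."""
        if self.peer_dead or now - self.last_rx <= self.interval:
            return                      # recent inbound traffic: no DPD hello needed
        t = now
        for attempt in range(self.max_retries + 1):
            self.log.append((t, "hello" if attempt == 0 else "retransmit"))
            if peer_answers(t):
                self.last_rx = t        # assumption: an acknowledgement counts as peer activity
                self.log.append((t, "ack"))
                return
            t += self.retransmit        # wait one retransmission interval
        self.peer_dead = True
        self.log.append((t, "dead: clear IKE SA and its IPsec SAs"))

def simulate(sends, receives, peer_dies_at, interval=10, retransmit=5):
    """Replay constructed send/receive timestamps through the detector."""
    det = DpdDetector(interval, retransmit)
    events = sorted([(t, "rx") for t in receives] + [(t, "tx") for t in sends])
    for t, kind in events:
        if kind == "rx":
            det.on_receive(t)
        else:
            det.on_send(t, lambda ts: ts < peer_dies_at)
    return det

if __name__ == "__main__":
    never = float("inf")
    for name, args in [("busy peer", ([0, 5, 10, 15], [1, 6, 11], never)),
                       ("idle but alive", ([0, 30], [1], never)),
                       ("peer died at t=20", ([0, 30], [1], 20))]:
        det = simulate(*args)
        print(name, det.peer_dead, det.log)
```

With these constructed timings, a peer that keeps sending traffic never triggers a hello, while a peer that went silent is declared dead only after the first hello plus two retransmissions go unanswered.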
Examples
# Create a DPD detector named dpd2.