Dpd - HP FlexFabric 7900 Series Command Reference Manual

Field
Authentication-method
Authentication-algorithm
Encryption-algorithm
Life duration(sec)
Remaining key duration(sec)
Exchange-mode
Diffie-Hellman group
NAT traversal

dpd

Use dpd to enable the device to send DPD messages.
Use undo dpd to disable the IKE DPD function.
Syntax
dpd interval interval-seconds [ retry seconds ] { on-demand | periodic }
undo dpd interval
Default
IKE DPD is disabled.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
interval interval-seconds: Specifies a period of time in seconds. The value range is from 1 to 300.
If the on-demand keyword is specified, this parameter specifies the number of seconds during
•
which no IPsec packet is received before DPD is triggered if the local end has IPsec traffic to send.
If the periodic keyword is specified, this parameter specifies a DPD triggering interval.
•
retry seconds: Specifies the number of seconds between DPD retries if the DPD message fails. The value
for the second argument is from 1 to 60 seconds, and it defaults to 5 seconds.
on-demand: Sends DPD messages on demand.
periodic: Sends DPD messages at regular intervals.
Usage guidelines
DPD is triggered periodically or on-demand. The on-demand mode is recommended when the device
communicates with a large number of IKE peers. For an earlier detection of dead peers, use the periodic
triggering mode, which consumes more bandwidth and CPU.
Description
Authentication method used by the IKE proposal.
Authentication algorithm used by the IKE proposal:
•
MD5—HMAC-MD5 algorithm.
•
SHA1—HMAC-SHA1 algorithm.
Encryption algorithm used by the IKE proposal.
Lifetime of the IKE SA in seconds.
Remaining lifetime of the IKE SA in seconds.
IKE negotiation mode in phase 1: main mode or aggressive mode.
DH group used for key negotiation in IKE phase 1.
Whether NAT traversal is detected.
156