Encryption - HP FlexNetwork MSR Series Command Reference Manual

Parameters
interval interval: Specifies a DPD triggering interval in the range of 10 to 3600 seconds.
retry seconds: Specifies the DPD retry interval in the range of 2 to 60 seconds. The default is 5
seconds.
on-demand: Triggers DPD on demand. The device triggers DPD if it has IPsec traffic to send and
has not received any IPsec packets from the peer for the specified interval.
periodic: Triggers DPD at regular intervals. The device triggers DPD at the specified interval.
Usage guidelines
DPD is triggered periodically or on-demand. As a best practice, use the on-demand mode when the
device communicates with a large number of IKEv2 peers. For an earlier detection of dead peers,
use the periodic triggering mode, which consumes more bandwidth and CPU.
The triggering interval must be longer than the retry interval, so that the device will not trigger a new
round of DPD during a DPD retry.
Examples
# Configure on-demand IKEv2 DPD. Set the DPD triggering interval to 10 seconds and the retry
interval to 5 seconds.
<Sysname> system-view
[Sysname] ikev2 profile profile1
[Sysname-ikev2-profile-profile1] dpd interval 10 retry 5 on-demand
Related commands
ikev2 dpd

encryption

Use encryption to specify encryption algorithms for an IKEv2 proposal.
Use undo encryption to restore the default.
Syntax
In non-FIPS mode:
encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 |
aes-ctr-256 | camellia-cbc-128 | camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
undo encryption
In FIPS mode:
encryption { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | aes-ctr-128 | aes-ctr-192 | aes-ctr-256 } *
undo encryption
Default
No encryption algorithm is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
Predefined user roles
network-admin
Parameters
3des-cbc: Uses the 3DES algorithm in CBC mode, which uses a 168-bit key.
568