Configuring The Ikev2 Nat Keepalive Feature; Configuring Ikev2 Address Pools; Displaying And Maintaining Ikev2 - HP FlexNetwork 10500 Series Security Configuration Manual

Step
1. Enter system view.
2. Configure global IKEv2
DPD.

Configuring the IKEv2 NAT keepalive feature

Configure this feature on the IKEv2 gateway behind the NAT device. The gateway then sends NAT
keepalive packets regularly to its peer to keep the NAT session alive, so that the peer can access the
device.
The NAT keepalive interval must be shorter than the NAT session lifetime.
This feature takes effect after the device detects the NAT device.
To configure the IKEv2 NAT keepalive feature:
Step
1. Enter system view.
2. Set the IKEv2 NAT keepalive
interval.

Configuring IKEv2 address pools

To perform centralized management on remote users, an IPsec gateway can use an address pool to
assign private IP addresses to remote users.
You must use an IKEv2 address pool together with AAA authorization by specifying the IKEv2
address pool as an AAA authorization attribute. For more information about AAA authorization, see
"Configuring
To configure IKEv2 address pools:
Step
1. Enter system view.
2. Configure an IKEv2 IPv4
address pool.
3. Configure an IKEv2 IPv6
address pool.

Displaying and maintaining IKEv2

Execute display commands in any view and reset commands in user view.
Task
Display the IKEv2 proposal configuration.
Command
system-view
ikev2 dpd interval interval [ retry
seconds ] { on-demand | periodic }
Command
system-view
ikev2 nat-keepalive seconds
AAA."
Command
system-view
ikev2 address-group
group-name start-ipv4-address
end-ipv4-address [ mask |
mask-length ]
ikev2 ipv6-address-group
group-name prefix
prefix/prefix-len assign-len
assign-len
Command
display ikev2 proposal [ name | default ]
345
Remarks
N/A
By default, global DPD is
disabled.
Remarks
N/A
By default, the IKEv2 NAT
keepalive interval is 10 seconds.
Remarks
N/A
By default, no IKEv2 IPv4 address
pool exists.
By default, no IKEv2 IPv6 address
pool exists.