Displaying and Maintaining IKEv2; IKEv2 Configuration Examples; IKEv2 with Pre-Shared Key Authentication Configuration Example - HPE Moonshot 45Gc Security Configuration Manual

Switch module

Step 2. Set the IKEv2 NAT keepalive interval.
Command: ikev2 nat-keepalive seconds
Remarks: By default, the IKEv2 NAT keepalive interval is 10 seconds.

Displaying and maintaining IKEv2

Execute display commands in any view and reset commands in user view.

Task: Display the IKEv2 proposal configuration.
Command: display ikev2 proposal [ name | default ]

Task: Display the IKEv2 policy configuration.
Command: display ikev2 policy [ policy-name | default ]

Task: Display the IKEv2 profile configuration.
Command: display ikev2 profile [ profile-name ]

Task: Display the IKEv2 SA information.
Command: display ikev2 sa [ { count | local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ verbose [ tunnel tunnel-id ] ]

Task: Delete IKEv2 SAs and the child SAs negotiated through the IKEv2 SAs.
Command: reset ikev2 sa [ [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] | tunnel tunnel-id ] [ fast ]

IKEv2 configuration examples

IKEv2 with pre-shared key authentication configuration example

Network requirements

As shown in Figure 93, configure an IKE-based IPsec tunnel between Switch A and Switch B to secure the communication between the switches.
Configure Switch A and Switch B to use the default IKEv2 proposal and the default IKEv2 policy in IKEv2 negotiation to set up IPsec SAs.
Configure the two switches to use the pre-shared key authentication method in IKEv2 negotiation.

Figure 93 Network diagram: Switch A (Vlan-int1, 1.1.1.1/16) -- Internet -- Switch B (Vlan-int1, 2.2.2.2/16)

Configuration procedures

1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
