Ike Dpd - H3C MSR Series Command Reference Manual

Comware 7 security

To modify or delete an address pool, you must delete all IKE SAs and IPsec SAs. Otherwise, the
assigned IPv4 addresses might not be reclaimed.
Examples
# Configure an IKE IPv4 address pool with the name ipv4group, address range 1.1.1.1 to 1.1.1.2,
and the mask 255.255.255.0.
<Sysname> system-view
[Sysname] ike address-group ipv4group 1.1.1.1 1.1.1.2 255.255.255.0
# Configure an IKE IPv4 address pool with the name ipv4group, address range 1.1.1.1 to 1.1.1.2,
and the mask length 32.
<Sysname> system-view
[Sysname] ike address-group ipv4group 1.1.1.1 1.1.1.2 32
Related commands
aaa authorization

ike dpd

Use ike dpd to configure global IKE DPD.
Use undo ike dpd to disable global IKE DPD.
Syntax
ike dpd interval interval [ retry seconds ] { on-demand | periodic }
undo ike dpd interval
Default
Global IKE DPD is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval: Specifies a DPD triggering interval in the range of 1 to 300 seconds.
retry seconds: Specifies the DPD retry interval in the range of 1 to 60 seconds. The default is 5
seconds.
on-demand: Triggers DPD on demand. The device triggers DPD if it has IPsec traffic to send and
has not received any IPsec packets from the peer for the specified interval.
periodic: Triggers DPD at regular intervals. The device triggers DPD at the specified interval.
Usage guidelines
DPD is triggered periodically or on demand. As a best practice, use the on-demand mode when the
device communicates with a large number of IKE peers. For earlier detection of dead peers, use
the periodic triggering mode, which consumes more bandwidth and CPU.
When DPD settings are configured in both IKE profile view and system view, the DPD settings in IKE
profile view apply. If DPD is not configured in IKE profile view, the DPD settings in system view apply.
It is a good practice to set the triggering interval longer than the retry interval so that a DPD detection
does not occur during a DPD retry.
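The following configuration check is an added example, not part of the H3C manual or the device software. It parses the global ike dpd line from a saved configuration and applies the ranges, the default retry value, and the interval-versus-retry guideline described above. The function name, the finding texts, and the sample configurations are assumptions made for illustration.

```python
import re

# Syntax from this page:
#   ike dpd interval interval [ retry seconds ] { on-demand | periodic }
DPD_RE = re.compile(
    r"^\s*ike dpd interval (\d+)(?: retry (\d+))? (on-demand|periodic)\s*$")
DEFAULT_RETRY = 5  # default retry interval stated on this page


def audit_global_dpd(config_text):
    """Return (settings, findings) for the global 'ike dpd' line (hypothetical helper)."""
    for line in config_text.splitlines():
        if not line.strip().startswith("ike dpd"):
            continue
        m = DPD_RE.match(line)
        if m is None:
            return None, ["unparseable ike dpd line: " + line.strip()]
        interval = int(m.group(1))
        # retry is optional; when omitted, the documented default applies
        retry = int(m.group(2)) if m.group(2) else DEFAULT_RETRY
        findings = []
        if not 1 <= interval <= 300:
            findings.append("interval outside 1-300 seconds")
        if not 1 <= retry <= 60:
            findings.append("retry outside 1-60 seconds")
        if interval <= retry:
            # Guideline: triggering interval should be longer than retry interval
            findings.append("interval not longer than retry")
        settings = {"interval": interval, "retry": retry, "mode": m.group(3)}
        return settings, findings
    # No 'ike dpd' line present: the documented default is in effect.
    return None, ["global IKE DPD is disabled (default)"]


# Constructed sample configurations (not taken from a real device).
SAMPLE_OK = "sysname R1\nike dpd interval 10 retry 5 on-demand\n"
SAMPLE_RISKY = "sysname R2\nike dpd interval 3 periodic\n"
SAMPLE_NONE = "sysname R3\n"

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("risky", SAMPLE_RISKY),
                      ("none", SAMPLE_NONE)):
        print(name, audit_global_dpd(cfg))
```

The check covers only the system-view command shown on this page; DPD settings in IKE profile view take precedence and must be reviewed separately.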