Ike Keychain - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
The keepalive timeout time configured at the local end must be longer than the keepalive interval
configured at the peer. Because more than three consecutive packets are rarely lost on a network,
you can set the keepalive timeout time to three times as long as the keepalive interval.
Examples
# Set the keepalive timeout time to 20 seconds.
<Sysname> system-view
[Sysname] ike keepalive timeout 20
Related commands
ike keepalive interval
ike keychain
Use ike keychain to create an IKE keychain and enter its view, or enter the view of an existing IKE
keychain.
Use undo ike keychain to delete an IKE keychain.
Syntax
ike keychain keychain-name [ vpn-instance vpn-instance-name ]
undo ike keychain keychain-name [ vpn-instance vpn-instance-name ]
Default
No IKE keychains exist.
Views
System view
Predefined user roles
network-admin
Parameters
keychain-name: Specifies an IKE keychain name, a case-insensitive string of 1 to 63 characters.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the IKE keychain
belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive
string of 1 to 31 characters. To create an IKE keychain for the public network, do not specify this
option.
Usage guidelines
To use pre-shared key authentication, you must create and specify an IKE keychain for the IKE
profile.
Examples
# Create the IKE keychain key1 and enter its view.
<Sysname> system-view
[Sysname] ike keychain key1
[Sysname-ike-keychain-key1]
Related commands
authentication-method
pre-shared-key
593
Advertisement
Table of Contents
