Table of Contents
Advertisement
Default
IKEv2 DPD is disabled. The global IKEv2 DPD settings are used.
Views
IKEv2 profile view
Predefined user roles
network-admin
Parameters
interval interval
retry seconds
seconds.
on-demand
has not received any IPsec packets from the peer for the specified interval.
: Triggers DPD at regular intervals. The device triggers DPD at the specified interval.
periodic
Usage guidelines
DPD is triggered periodically or on-demand. As a best practice, use the on-demand mode when the
device communicates with a large number of IKEv2 peers. For an earlier detection of dead peers,
use the periodic triggering mode, which consumes more bandwidth and CPU.
The triggering interval must be longer than the retry interval, so that the device will not trigger a new
round of DPD during a DPD retry.
Examples
# Configure on-demand IKEv2 DPD. Set the DPD triggering interval to 10 seconds and the retry
interval to 5 seconds.
<Sysname> system-view
[Sysname] ikev2 profile profile1
[Sysname-ikev2-profile-profile1] dpd interval 10 retry 5 on-demand
Related commands
ikev2 dpd
encryption
Use
encryption
Use
undo encryption
Syntax
encryption { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 |
aes-ctr-128
camellia-cbc-192 | camellia-cbc-256 | des-cbc } *
undo encryption
Default
No encryption algorithm is specified for an IKEv2 proposal.
Views
IKEv2 proposal view
: Specifies a DPD triggering interval in the range of 10 to 3600 seconds.
Specifies the DPD retry interval in the range of 2 to 60 seconds. The default is 5
: Triggers DPD on demand. The device triggers DPD if it has IPsec traffic to send and
to specify encryption algorithms for an IKEv2 proposal.
to restore the default.
|
aes-ctr-192
|
aes-ctr-256
16
|
camellia-cbc-128
|
Advertisement
Chapters
Table of Contents
