R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
136
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a DPD detector and
enter its view.
ike dpd dpd-name N/A
3. Set the DPD interval.
interval-time interval-time
Optional.
The default DPD interval is 10 seconds.
4. Set the DPD packet
retransmission interval.
time-out time-out
Optional.
The default DPD packet retransmission
interval is 5 seconds.
Disabling next payload field checking
The Next payload field is in the generic payload header of the last payload of the IKE negotiation
message (the message comprises multiple payloads). According to the protocol, this field must be 0 if the
payload is the last payload of the packet. However, it may be set to other values on some brands of
devices. For interoperability, disable the checking of this field.
To disable Next payload field checking:
Ste
p
Command
Remar
k
1. Enter system view.
system-view N/A
2. Disable Next payload field
checking.
ike next-payload check disabled Enabled by default.
Displaying and maintaining IKE
Task Command
Remarks
Display IKE DPD information.
display ike dpd [ dpd-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display IKE peer information.
display ike peer [ peer-name ] [ | { begin |
exclude | include } regular-expression ]
Available in any view
Display IKE SA information.
display ike sa [ verbose [ connection-id
connection-id | remote-address
remote-address ] ] [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display IKE proposal information.
display ike proposal [ | { begin | exclude |
include } regular-expression ]
Available in any view
Clear SAs established by IKE. reset ike sa [ connection-id ] Available in user view