R21xx-HP FlexFabric 11900 Security Command Reference
Parameters
aggressive: Specifies the aggressive mode.
main: Specifies the main mode.
Usage guidelines
When the user (for example, a dial-up user) at the local end of an IPsec tunnel obtains an IP address
automatically and pre-shared key authentication is used, HP recommends that you set the IKE negotiation
mode to aggressive at the local end.
This command is only applicable to non-FIPS mode. In FIPS mode, the IKE negotiation mode for IKE
negotiation phase 1 is fixed to the main mode.
Examples
# Specify that IKE negotiation operates in main mode.
<Sysname> system-view
[Sysname] ike profile 1
[Sysname-ike-profile-1] exchange-mode main
Related commands
display ike proposal
ike dpd
Use ike dpd to enable sending DPD messages.
Use undo ike dpd to disable the DPD feature.
Syntax
ike dpd interval interval-seconds [ retry seconds ] { on-demand | periodic }
undo ike dpd interval
Default
IKE DPD is disabled.
Views
System view
Predefined user roles
network-admin
Parameters
interval interval-seconds: Specifies a period of time in seconds. The value range is from 1 to 300.
• If the on-demand keyword is specified, this parameter specifies the number of seconds during
which no IPsec packet is received before DPD is triggered if the local end has IPsec traffic to send.
• If the periodic keyword is specified, this parameter specifies a DPD triggering interval.
retry seconds: Specifies the number of seconds between DPD retries if the DPD message fails. The value
range for the seconds argument is 1 to 60 seconds, and the default is 5 seconds.
on-demand: Sends DPD messages on demand.
periodic: Sends DPD messages at regular intervals.
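The syntax, ranges and defaults documented above can be checked in candidate configuration text before it is pushed to a device. The following Python lint is an added example, not part of the HP reference; the function name lint_ike, the fips flag and the sample text are assumptions made for illustration.

```python
import re

# Grammar taken from the Syntax line on this page:
#   ike dpd interval interval-seconds [ retry seconds ] { on-demand | periodic }
DPD_RE = re.compile(r"^ike dpd interval (\d+)(?: retry (\d+))? (on-demand|periodic)$")
MODE_RE = re.compile(r"^exchange-mode (aggressive|main)$")

def lint_ike(config_text, fips=False):
    """Return (effective_dpd, findings); effective_dpd is None when DPD is disabled."""
    dpd, findings = None, []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # normalise indentation and spacing
        mode = MODE_RE.match(line)
        if mode and fips and mode.group(1) == "aggressive":
            findings.append(f"line {n}: aggressive mode, but FIPS mode fixes phase 1 to main")
        if line == "undo ike dpd interval":
            dpd = None  # the undo form returns DPD to its disabled default
        if not line.startswith("ike dpd"):
            continue
        m = DPD_RE.match(line)
        if not m:
            findings.append(f"line {n}: does not match the ike dpd syntax")
            continue
        interval = int(m.group(1))
        retry = int(m.group(2)) if m.group(2) else 5  # documented default
        bad = []
        if not 1 <= interval <= 300:
            bad.append(f"line {n}: interval {interval} outside 1-300")
        if not 1 <= retry <= 60:
            bad.append(f"line {n}: retry {retry} outside 1-60")
        findings += bad
        if not bad:  # only an in-range command becomes the effective setting
            dpd = {"interval": interval, "retry": retry, "trigger": m.group(3)}
    if dpd is None:
        findings.append("IKE DPD is disabled (the default)")
    return dpd, findings

# Constructed sample text, not taken from a real device.
SAMPLE = """\
ike dpd interval 10 on-demand
ike profile 1
 exchange-mode aggressive
ike dpd interval 400 retry 90 periodic
"""

if __name__ == "__main__":
    effective, problems = lint_ike(SAMPLE, fips=True)
    print(effective)
    print("\n".join(problems))
```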










