Manualshelf

R21xx-HP FlexFabric 11900 Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP FlexFabric 11000 Switch Products
251252253254255256257258259260
245
Syntax
ike keepalive timeout seconds
undo ike keepalive timeout
Default
The negotiated aging time for the IKE SA applies.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Specifies the number of seconds between IKE keepalive messages. The value is in the range of
20 to 28800.
Usage guidelines
If the local receives no keepalive packets from the peer during the timeout time, the IKE SA is deleted
along with the IPsec SAs it negotiated.
The keepalive timeout time configured at the local must be longer than the keepalive interval configured
at the peer. Since it seldom occurs that more than three consecutive packets are lost on a network, you
can set the keepalive timeout three times as long as the keepalive interval.
Examples
# Set the keepalive timeout time to 20 seconds.
<Sysname> system-view
[Sysname] ike keepalive timeout 20
Related commands
ike keepalive interval
ike keychain
Use ike keychain to create an IKE keychain and enter IKE keychain view.
Use undo ike keychain to delete an IKE keychain.
Syntax
ike keychain keychain-name [ vpn-instance vpn-name ]
undo ike keychain keychain-name [ vpn-instance vpn-name ]
Default
No IKE keychain is configured.
Views
System view
Predefined user roles
network-admin