R2511-HP MSR Router Series Security Command Reference(V5)
277
Field Descri
p
tion
Max in nego Maximum number of IKEv2 SAs that can be concurrently negotiated.
Total IKEv2 SA Count Total number of IKEv2 SAs.
active Number of IKEv2 SAs established.
negotiating Number of IKEv2 SAs under negotiation.
Rejected IKEv2 Requests Total number of rejected IKEv2 negotiation requests.
SA limit
Number of IKEv2 negotiation requests rejected because the
maximum number of IKEv2 SAs was reached.
rejected no cookie
Number of cookie-challenge requests rejected due to lack of the
cookie.
Related commands
reset ikev2 statistics
dpd (IKEv2 profile view)
Use dpd to configure the IKEv2 DPD function.
Use undo dpd to disable the IKEv2 DPD function.
Syntax
dpd interval { on-demand | periodic }
undo dpd
Default
IKEv2 DPD is disabled.
Views
IKEv2 profile view
Default command level
2: System level
Parameters
interval: Specifies the IKEv2 dead peer detection (DPD) interval in seconds, in the range of 1 to 300.
on-demand: Specifies DPD in on-demand mode.
periodic: Specifies DPD in periodic mode.
Usage guidelines
In on-demand mode, the DPD function works as follows:
1. When the local end sends an IPsec packet, it checks the time the last IPsec packet was received
from the peer.
2. If the time interval exceeds the DPD interval, it sends a DPD hello to the peer to detect its liveliness.
In periodic mode, the DPD function sends DPD hellos to the peer at the specified interval to detect the
liveliness of the peer.
If you configure DPD in both IKEv2 profile view and system view, the configuration in IKEv2 profile view
takes precedence.