R2511-HP MSR Router Series Security Command Reference(V5)
284
[Sysname] ikev2 ipv6-pool ipv6pool 1:1::1:1 1:1::1:2
Related commands
client configuration address respond
ikev2 cookie-challenge
Use ikev2 cookie-challenge to enable the cookie challenging function and set the maximum number of
half-open IKE SAs. This function can protect an IKEv2 responder against DoS attacks that use a large
number of source IP addresses to forge IKE_INIT_SA requests. When the number of half-open IKE SAs
reaches a certain threshold, this function generates a cookie and puts the cookie in the response sent to
the initiator. Only when the initiator can initiate a new IKE_INIT_SA request that carries the correct
cookie does the responder consider the initiator valid and proceed with the negotiation.
Use undo ikev2 cookie-challenge to disable the cookie challenging function.
Syntax
ikev2 cookie-challenge number
undo ikev2 cookie-challenge
Default
The cookie challenging function is disabled.
Views
System view
Default command level
2: System level
Parameters
number: Specifies the threshold for triggering the cookie challenging mechanism, in the range of 1 to
1000.
Examples
# Enable the cookie challenging function and set the threshold to 450.
<Sysname> system-view
[Sysname] ikev2 cookie-challenge 450
ikev2 dpd
Use ikev2 dpd to configure the IKEv2 DPD function.
Use undo ikev2 dpd to disable the IKEv2 DPD function.
Syntax
ikev2 dpd interval { on-demand | periodic }
undo ikev2 dpd
Default
IKEv2 DPD is disabled.
Views
System view