4000 Router Series Security Command Reference

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router

271

272

273

274

275

276

277

278

279

280

261

undo exchange-mode

Default

Main mode is used for phase 1.

Views

IKE profile view

Predefined user roles

network-admin

Parameters

aggressive: Specifies the aggressive mode.

main: Specifies the main mode.

Usage guidelines

When the user (for example, a dial-up user) at the local end of an IPsec tunnel obtains an IP address

automatically and pre-shared key authentication is used, HP recommends setting the IKE negotiation

mode to aggressive at the local end.

Examples

# Specify that IKE negotiation operates in main mode.

<Sysname> system-view

[Sysname] ike profile 1

[Sysname-ike-profile-1] exchange-mode main

Related commands

display ike proposal

ike dpd

Use ike dpd to enable sending DPD messages.

Use undo ike dpd to disable the DPD feature.

Syntax

ike dpd interval interval-seconds [ retry seconds ] { on-demand | periodic }

undo ike dpd interval

Default

IKE DPD is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval-seconds: Specifies a period of time in seconds. The value range is from 1 to 300.

• If the on-demand keyword is specified, this parameter specifies the number of seconds during

which no IPsec packet is received before DPD is triggered if the local end has IPsec traffic to send.