3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
IKE Configuration Commands 417
the authentication-method, encryption-algorithm, dh,
authentication-algorithm, and sa duration command.
The Default IKE proposal has the following default parameters:
Encryption algorithm: DES-CBC
Authentication algorithm: HMAC-SHA1
Authentication method: Pre-Shared Key
DH group ID: MODP_768
SA duration: 86400 seconds
These parameters will be used to establish a security tunnel once these parameters
are confirmed by the both sides of the negotiation.
Both sides of the negotiation can be configured more then one IKE proposal.
During the negotiation, the IKE proposals in both sides are selected to match one
by one, by turns of their priority level. The parameters that must be same during
the match are encryption algorithm, authentication algorithm, authentication
method, and DH group. The sa duration is decided by the initiator of the
negotiation, needing no agreement.
Related command: authentication-algorithm, encryption-algorithm,dh,
authentication-algorithm, sa duration, display crypto isakmp policy.
Example
# Define IKE proposal 10.
[SecBlade_VPN] ike proposal 10
[SecBlade_VPN-ike-proposal-10] authentication-algorithm md5
[SecBlade_VPN-ike-proposal-10] authentication-method pre-share
[SecBlade_VPN-ike-proposal-10] sa duration 5000
ike sa keepalive-timer
interval
Syntax
ike sa keepalive-timer interval seconds
undo ike sa keepalive-timer interval
View
System view
Parameter
seconds: Specifies the interval for sending Keepalive packet to the remote end
through ISAKMP SA. It can be set to a value in the range 20 to 28800.
Description
Use the ike sa keepalive-timer interval command to configure the interval for
sending Keepalive packet to the remote end through ISAKMP SA.
Use the undo ike sa keepalive-timer interval command to disable the function.