364
Use caution when you enable the invalid SPI recovery feature, because using this feature can result in a
DoS attack. Attackers can make a great number of invalid SPI notifications to the same peer.
Examples
# Enable invalid SPI recovery.
<Sysname> system-view
[Sysname] ike invalid-spi-recovery enable
ike keepalive interval
Use ike keepalive interval to enable sending IKE keepalives and set the sending interval.
Use undo ike keepalive interval to restore the default.
Syntax
ike keepalive interval seconds
undo ike keepalive interval
Default
No IKE keepalives are sent.
Views
System view
Predefined user roles
network-admin
Parameters
seconds: Specifies the number of seconds between IKE keepalives, in the range of 20 to 28800.
Usage guidelines
To detect the status of the peer, configure IKE DPD instead of the IKE keepalive function, unless IKE DPD
is not supported on the peer.
The keepalive timeout time configured at the local must be longer than the keepalive interval configured
at the peer. Because more than three consecutive packets are rarely lost on a network, you can set the
keepalive timeout timer to three times as long as the keepalive interval.
Examples
# Set the keepalive interval to 200 seconds
<Sysname> system-view
[Sysname] ike keepalive interval 200
Related commands
ike keepalive timeout
ike keepalive timeout
Use ike keepalive timeout to set the IKE keepalive timeout time.
Use undo ike keepalive timeout to restore the default.
To Next Page
Loading...
