366
Parameters
keychain-name: Specifies an IKE keychain name, a case-insensitive string of 1 to 63 characters.
vpn-instance vpn-name: Specifies the MPLS L3VPN to which the IKE keychain belongs. The vpn-name
argument is a case-sensitive string of 1 to 31 characters. To create an IKE keychain for the public network,
do not specify this option.
Usage guidelines
To use pre-shared key authentication, you must create and specify an IKE keychain for the IKE profile.
Examples
# Create IKE keychain key1 and enter its view.
<Sysname> system-view
[Sysname] ike keychain key1
[Sysname-ike-keychain-key1]
Related commands
• authentication-method
• pre-shared-key
ike limit
Use ike limit to set the maximum number of half-open IKE SAs and the maximum number of established
IKE SAs.
Use undo ike limit to restore the default.
Syntax
ike limit { max-negotiating-sa negotiation-limit | max-sa sa-limit }
undo ike limit { max-negotiating-sa | max-sa }
Default
There is no limit to the maximum number of IKE SAs.
Views
System view
Predefined user roles
network-admin
Parameters
max-negotiating-sa negotiation-limit: Specifies the maximum number of half-open IKE SAs, in the range
of 1 to 99999.
max-sa sa-limit: Specifies the maximum number of established IKE SAs, in the range of 1 to 99999.
Usage guidelines
The supported maximum number of half-open IKE SAs depends on the device's processing capability.
Adjust the maximum number of half-open IKE SAs to make full use of the device's processing capability
without affecting the IKE SA negotiation efficiency.
To Next Page
Loading...
