2. Set the IKEv2 NAT keepalive interval.
ikev2 nat-keepalive seconds
By default, the IKEv2 NAT keepalive interval is 10 seconds.
Displaying and maintaining IKEv2
Execute display commands in any view and reset commands in user view.
Display the IKEv2 proposal configuration.
display ikev2 proposal [ name | default ]
Display the IKEv2 policy configuration.
display ikev2 policy [ policy-name | default ]
Display the IKEv2 profile configuration.
[ profile-name ]
Display the IKEv2 SA information.
display ikev2 sa [ { count | local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] [ verbose [ tunnel tunnel-id ] ]
Delete IKEv2 SAs and the child SAs negotiated through the IKEv2 SAs.
reset ikev2 sa [ [ { local | remote } { ipv4-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ] ] | tunnel-id ] [ ]
IKEv2 configuration examples
IKEv2 with pre-shared key authentication configuration example
Network requirements
As shown in Figure 93, configure an IKE-based IPsec tunnel between Switch A and Switch B to
secure the communication between the switches.
• Configure Switch A and Switch B to use the default IKEv2 proposal and the default IKEv2 policy
in IKEv2 negotiation to set up IPsec SAs.
• Configure the two switches to use the pre-shared key authentication method in IKEv2
negotiation.
Figure 93 Network diagram
Configuration procedures
1. Configure Switch A:
# Assign an IP address to VLAN-interface 1.
<SwitchA> system-view
[SwitchA] interface vlan-interface 1
[SwitchA-vlan-interface1] ip address 1.1.1.1 255.255.255.0
[SwitchA-vlan-interface1] quit
[Figure 93 labels: Switch A (Vlan-int1, 1.1.1.1/16), Internet, Switch B (Vlan-int1, 2.2.2.2/16)]