2. If the time interval exceeds the DPD interval, it sends a DPD hello to the peer to detect its liveness.
To configure the IKEv2 DPD function:
Step                                  Command                                      Remarks
1. Enter system view.                 system-view                                  N/A
2. Configure the IKEv2 DPD function.  ikev2 dpd interval { on-demand | periodic }  Disabled by default.
The DPD configuration here is the global configuration. You can also configure the DPD function in
IKEv2 profile view. In this case, the configuration in IKEv2 profile view takes precedence.
Setting limits on the number of IKEv2 SAs
IKEv2 can limit the number of half-open and established IKEv2 SAs.
To set the maximum number of half-open IKEv2 SAs or the maximum number of established IKEv2
SAs:
Step                                                                                              Command                                               Remarks
1. Enter system view.                                                                             system-view                                           N/A
2. Set the maximum number of half-open IKEv2 SAs or the maximum number of established IKEv2 SAs.  ikev2 limit { max-in-negotiation-sa | max-sa } limit  Optional. By default, the maximum number of half-open IKEv2 SAs is 1000, and the maximum number of established IKEv2 SAs is 10000.
NOTE:
• IKEv2 SAs being rekeyed are not counted in the number of half-open IKEv2 SAs.
• Rekeyed IKEv2 SAs are not counted in the number of established IKEv2 SAs if the old ones are
already counted.
Configuring an address pool for assigning addresses to initiators
You can configure an address pool on the device so that the device, when working as IKEv2
negotiation responder, can assign addresses to negotiation initiators.
To configure an address pool for IKEv2 to use to assign addresses to initiators:
Step                                                                              Command                                                                                                                 Remarks
1. Enter system view.                                                             system-view                                                                                                             N/A
2. Configure an address pool for IKEv2 to use to assign addresses to initiators.  ikev2 { ip-pool pool-name ipv4-start-address ipv4-end-address | ipv6-pool pool-name ipv6-start-address ipv6-end-address }  By default, no address pool exists.
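The following audit helper is an added example, not part of the vendor guide: it reads a list of system-view commands and reports the effective global DPD mode, SA limits (falling back to the defaults stated above), and the size of each address pool. The function name and the sample configuration are constructed for illustration; the input is assumed to use the command syntax exactly as printed on this page, and DPD overrides in IKEv2 profile view are not evaluated.

```python
import ipaddress
import re

# Defaults as stated on this page.
DEFAULTS = {"max-in-negotiation-sa": 1000, "max-sa": 10000}

LIMIT_RE = re.compile(r"^ikev2 limit (max-in-negotiation-sa|max-sa) (\d+)$")
DPD_RE = re.compile(r"^ikev2 dpd\b.*\b(on-demand|periodic)$")
POOL_RE = re.compile(r"^ikev2 (ip-pool|ipv6-pool) (\S+) (\S+) (\S+)$")

# Constructed sample: commands written in the syntax the page prints.
SAMPLE = """
system-view
ikev2 dpd interval periodic
ikev2 limit max-in-negotiation-sa 200
ikev2 ip-pool branch 10.10.0.10 10.10.0.59
ikev2 ipv6-pool branch6 2001:db8::20 2001:db8::10
"""


def effective_settings(config_text):
    """Return effective global IKEv2 settings for a list of system-view commands."""
    result = {"dpd": "disabled", "limits": dict(DEFAULTS), "pools": {}, "problems": []}
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # collapse extra whitespace
        if m := LIMIT_RE.match(line):
            result["limits"][m.group(1)] = int(m.group(2))
        elif m := DPD_RE.match(line):
            result["dpd"] = m.group(1)  # global DPD is disabled unless configured
        elif m := POOL_RE.match(line):
            kind, name, start, end = m.groups()
            try:
                first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
            except ValueError:
                result["problems"].append(f"pool {name}: invalid address")
                continue
            want = 4 if kind == "ip-pool" else 6
            if first.version != want or last.version != want:
                result["problems"].append(f"pool {name}: address family does not match {kind}")
            elif int(last) < int(first):
                result["problems"].append(f"pool {name}: end address precedes start address")
            else:
                result["pools"][name] = int(last) - int(first) + 1  # assignable addresses
    return result


if __name__ == "__main__":
    print(effective_settings(SAMPLE))
```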