72
ï‚¡ Before the device sends data, it identifies the time interval for which the last IPsec packet
has been received from the peer. If the time interval exceeds the DPD interval, it sends a
DPD message to the peer to detect its liveliness.
ï‚¡ If the device has no data to send, it never sends DPD messages.
If you configure IKEv2 DPD in both IKEv2 profile view and system view, the IKEv2 DPD settings in
IKEv2 profile view apply. If you do not configure IKEv2 DPD in IKEv2 profile view, the IKEv2 DPD
settings in system view apply.
To configure global IKEv2 DPD:
1. Enter system view.
system-view
N/A
2. Configure global IKEv2
DPD.
ikev2 dpd interval
interval [
retry
seconds ] {
on-demand
|
periodic
}
By default, global DPD is
disabled.
Configuring the IKEv2 NAT keepalive feature
Configure this feature on the IKEv2 gateway behind the NAT device. The gateway then sends NAT
keepalive packets regularly to its peer to keep the NAT session alive, so that the peer can access the
device.
The NAT keepalive interval must be shorter than the NAT session lifetime.
This feature takes effect after the device detects the NAT device.
To configure the IKEv2 NAT keepalive feature:
1. Enter system view.
system-view
N/A
2. Set the IKEv2 NAT keepalive
interval.
ikev2 nat-keepalive
seconds
By default, the IKEv2 NAT
keepalive interval is 10 seconds.
Configuring IKEv2 address pools
To perform centralized management on remote users, an IPsec gateway can use an address pool to
assign private IP addresses to remote users.
You must use an IKEv2 address pool together with AAA authorization by specifying the IKEv2
address pool as an AAA authorization attribute. For more information about AAA authorization, see
"Configuring AAA."
To configure IKE address pools:
1. Enter system view.
system-view
N/A
To Next Page
Loading...
Need help?
General
