display ike global config
Usage Guidelines
You can run this command to view the global IKE configuration, such as the local name used in IKE negotiation, interval at which an IKE SA sends a heartbeat packet, timeout interval of heartbeat packets, and interval at which an IKE SA sends an NAT keepalive packet.
Example
# Display the global IKE configuration.
<AC6605> display ike global config IKE Global Config: -------------------------------------------------------------- IKE local-name : huawei IKE heartbeat-timer interval : 30 IKE heartbeat-timer timeout : 100 IKE nat-keepalive-timer interval : 52 IKEv1 phase1-phase2 sa dependent : enable IKE call admission : 800 IKEv2 cookie-challenge : 25000 IKE DSCP : - IKEv2 id-match-certificate : disable IKEv2 initial-contact : enable IKEv2 delete old child-sa : enable --------------------------------------------------------------
Item |
Description |
---|---|
IKE Global Config |
Global configuration of IKE. |
IKE local-name |
Local name used in IKE negotiation. To set the local name used in IKE negotiation, run the ike local-name command. If ike local-name is not configured on the local end, the name specified by the sysname command is used for IKE negotiation. |
IKE heartbeat-timer interval |
Interval at which an IKE SA sends a heartbeat packet, in seconds. To set the interval at which an IKE SA sends a heartbeat packet, run the ike heartbeat-timer interval command. |
IKE heartbeat-timer timeout |
Timeout interval of heartbeat packets, in seconds. To set the timeout interval of heartbeat packets, run the ike heartbeat-timer timeout command. |
IKE nat-keepalive-timer interval |
Interval at which an IKE SA sends an NAT keepalive packet, in seconds. To set the interval at which an IKE SA sends an NAT keepalive packet, run the ike nat-keepalive-timer interval command. |
IKEv1 phase1-phase2 sa dependent | Whether IPSec SA depends on IKE SA during IKEv1 negotiation.
To configure dependency between IPSec SA and IKE SA, run the ikev1 phase1-phase2 sa dependent command. |
IKE call admission | Maximum number of IKE SAs waiting in a queue. To configure the maximum value, run the ike call admission limit in-negotiation-sa command. |
IKEv2 cookie-challenge | Maximum number of half-open connections allowed by IKEv2. To configure the maximum value, run the ikev2 cookie-challenge command. |
IKE DSCP | Global DSCP priority of IKE packets. To configure the global DSCP priority, run the ike dscp command. |
IKEv2 id-match-certificate | Whether the function of checking certificate identity information
of the remote device during IKEv2 certificate negotiation is enabled:
To configure this function, run the ikev2 id-match-certificate enable command. |
IKEv2 initial-contact | Whether to send the INITIAL_CONTACT notify payload in the
first IKE_AUTH request.
To configure this function, run the ikev2 initial-contact enable command. |
IKEv2 delete old child-sa | Whether the function of instructing the peer device to delete
the old child SA is enabled:
To configure the function, run the ikev2 delete old child-sa enable command. |