beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 598

background image

Brocade Mobility RFS Controller CLI Reference Guide

585

53-1003098-01

7

crypto ikev1 [dpd-keepalive <10-3600>|dpd-retries <1-100>|nat-keepalive

<10-3600>|

peer |policy |remote-vpn]

crypto ikev2 [cookie-challenge-threshold <1-100>|dpd-keepalive <10-3600>|

dpd-retries <1-100>|nat-keepalive <10-3600>|peer |

policy |remote-vpn]

crypto ipsec df-bit [clear|copy|set]

crypto ipsec security-association lifetime [kilobytes <500-2147483646>|

seconds <120-86400>]

ikev1

Configures the IKEv1 parameters

dpd-keepalive
<10-3600>

Sets the global Dead Peer Detection (DPD) interval from 10 - 3600 seconds

dpd-retries <1-1000>

Sets the global DPD retries count from 1- 1000

nat-keepalive
<10-3600>

Sets the global NAT keepalive interval from 10 - 3600 seconds

peer

Specify the Name/Identifier for the IKEv1 peer. For IKEV1 peer configuration commands, see

crypto-ikev1/ikev2-peer commands

.

policy

Configures an ISKAMP policy. Specify the name of the policy.
The local IKE policy and the peer IKE policy must have matching group settings for successful
negotiations.
For IKEV1 policy configuration commands, see

crypto-ikev1/ikev2-policy commands

.

remote-vpn

Specifies the IKEV1 remote-VPN server configuration (responder only)

ikev2

Configures the IKEv2 parameters

cookie-challenge-threshold
<1-100>

Starts cookie challenge after half open IKE SAs exceeds the specified limit. Sets the limit from
1 - 100

dpd-keepalive
<10-3600>

Sets the global DPD interval from 10 - 3600 seconds

dpd-retries <1-100>

Sets the global DPD retries count from 1 - 100

nat-keepalive
<10-3600>

Sets the global NAT keepalive interval from 10 - 3600 seconds

peer

Specify the Name/Identifier for the IKEv2 peer

policy

Configures an ISKAMP policy. Specify the policy name.
The local IKE policy and the peer IKE policy must have matching group settings for successful
negotiations.

remote-vpn

Specifies an IKEV2 remote-VPN server configuration (responder only)

ipsec

Configures the Internet Protocol Security (IPSec) policy parameters

df-bit [clear|copy|set]

Configures DF bit handling for encapsulating header. The options are:

clear – Clears the DF bit in the outer header and ignores in the inner header

copy – Copies the DF bit from the inner header to the outer header

set – Sets the DF bit in the outer header

ipsec

Configures the IPSec policy parameters

See also other documents in the category Brocade Computer Accessories: