537
Parameters
max-negotiating-sa
negotiation-limit
: Specifies the maximum number of half-open IKE SAs and
IPsec SAs. The value range for the
negotiation-limit
argument is 1 to 99999.
max-sa
sa-limit
: Specifies the maximum number of established IKE SAs. The value range for the
sa-limit
argument is 1 to 99999.
Usage guidelines
The supported maximum number of half-open IKE SAs depends on the device's processing
capability. Adjust the maximum number of half-open IKE SAs to make full use of the device's
processing capability without affecting the IKE SA negotiation efficiency.
The supported maximum number of established IKE SAs depends on the device's memory space.
Adjust the maximum number of established IKE SAs to make full use of the device's memory space
without affecting other applications in the system.
Examples
# Set the maximum number of half-open IKE SAs and IPsec SAs to 200.
<Sysname> system-view
[Sysname] ike limit max-negotiating-sa 200
# Set the maximum number of established IKE SAs to 5000.
<Sysname> system-view
[Sysname] ike limit max-sa 5000
ike logging negotiation enable
Use
ike logging negotiation enable
to enable logging for IKE negotiation.
Use
undo ike logging negotiation packet enable
to disable logging for IKE negotiation.
Syntax
ike logging negotiation enable
undo
ike logging negotiation enable
Default
Logging for IKE negotiation is disabled.
Views
System view
Predefined user roles
network-admin
Usage guidelines
This command enables the device to output logs for the IKE negotiation process.
This command is available only in non-FIPS mode.
Examples
# Enable logging for IKE negotiation.
<Sysname> system-view
[Sysname] ike logging negotiation enable
Summary of Contents for FlexNetwork MSR Series
Page 1005: ...987 ...