Configuring Keepalive Timers
1907
its identity to the peer, whereas the peer uses the IP address configured with
the
remote-name
ip-address
command to authenticate the initiator.
Therefore, the local IP address for a device must be identical to the remote IP
address configured on its peer.
Configuring Keepalive
Timers
IKE maintains the link state of an ISAKMP SA by Keepalive packets. Generally, if
the keepalive timeout is configured on the peer, the keepalive packet transmission
interval must be configured on the local end. If the peer receives no keepalive
packet during the timeout interval, the ISAKMP SA will be tagged with the
TIMEOUT tag (if it does not have the tag), or deleted along with the IPSec SAs it
negotiated (when it has the tag already).
Follow these steps to configure keepalive timers:
n
The keepalive timeout configured at the local end must be longer than the
keepalive interval configured at the remote end. Since it seldom occurs that more
than three consecutive packets are lost on a network, the keepalive timeout can
be configured to be three times of the keepalive interval.
Setting the NAT
Keepalive Timer
NAT mapping on a NAT gateway may get aged. If no packet traverses an IPSec
tunnel in a certain period of time, the NAT mapping will be deleted, disabling the
tunnel beyond the NAT gateway from transferring data. To prevent NAT mapping
from being aged, an ISAKMP SA sends to its peer NAT Keepalive packets at a
certain interval to keep the NAT session alive.
Follow these steps to set the NAT keepalive timer:
Configuring a DPD
Dead peer detection (DPD) is used to detect the state of IPSec peers. With the DPD
function enabled, if an end receives no IPSec protected packets from its peer in the
DPD query triggering interval, it sends a request to the peer to detect whether the
IKE peer exists.
To do...
Use the command...
Remarks
Enter system view
system-view
-
Set the ISAKMP SA keepalive
interval
ike sa keepalive-timer
interval
seconds
Required
No keepalive packet is sent by
default.
Set the ISAKMP SA keepalive
timeout
ike sa keepalive-timer
timeout
seconds
Required
No keepalive packet is sent by
default.
To do...
Use the command...
Remarks
Enter system view
system-view
-
Set the NAT keepalive interval
ike sa nat-keepalive-timer
seconds
Required
No NAT keepalive packet is
sent by default.
Содержание MSR 50 Series
Страница 152: ...152 CHAPTER 5 ATM CONFIGURATION...
Страница 209: ...Troubleshooting 209 Use the debugging dialer event and debugging dialer packet commands to locate the problem...
Страница 210: ...210 CHAPTER 6 DCC CONFIGURATION...
Страница 234: ...234 CHAPTER 7 DLSW CONFIGURATION...
Страница 344: ...344 CHAPTER 14 X 25 AND LAPB CONFIGURATION...
Страница 350: ...350 CHAPTER 15 LINK AGGREGATION OVERVIEW...
Страница 358: ...358 CHAPTER 17 MODEM CONFIGURATION...
Страница 486: ...486 CHAPTER 23 MSTP CONFIGURATION...
Страница 506: ...506 CHAPTER 25 VOICE VLAN CONFIGURATION...
Страница 510: ...510 CHAPTER 26 PORT ISOLATION CONFIGURATION...
Страница 524: ...524 CHAPTER 27 DYNAMIC ROUTE BACKUP CONFIGURATION...
Страница 538: ...538 CHAPTER 28 LOGICAL INTERFACE CONFIGURATION...
Страница 548: ...548 CHAPTER 29 CPOS INTERFACE CONFIGURATION...
Страница 572: ...572 CHAPTER 32 DHCP OVERVIEW...
Страница 604: ...604 CHAPTER 36 DHCP SNOOPING CONFIGURATION...
Страница 608: ...608 CHAPTER 37 BOOTP CLIENT CONFIGURATION...
Страница 646: ...646 CHAPTER 42 IP UNICAST POLICY ROUTING CONFIGURATION...
Страница 650: ...650 CHAPTER 43 UDP HELPER CONFIGURATION...
Страница 738: ...738 CHAPTER 50 IPV6 UNICAST POLICY ROUTING CONFIGURATION...
Страница 770: ...770 CHAPTER 51 TERMINAL ACCESS CONFIGURATION...
Страница 798: ...798 CHAPTER 52 FEP INSTALLATION AND CONFIGURATION...
Страница 808: ...808 CHAPTER 53 TERMINAL ACCESS TROUBLESHOOTING...
Страница 814: ...814 CHAPTER 54 TERMINAL ACCESS FAQ...
Страница 824: ...824 CHAPTER 55 IP ROUTING OVERVIEW...
Страница 876: ...876 CHAPTER 56 BGP CONFIGURATION...
Страница 916: ...916 CHAPTER 57 IS IS CONFIGURATION...
Страница 970: ...970 CHAPTER 58 OSPF CONFIGURATION...
Страница 1006: ...1006 CHAPTER 60 ROUTING POLICY CONFIGURATION...
Страница 1013: ...Configuration Example 1013 3 1 ms 1 ms 1 ms 1 1 2 2 Trace complete...
Страница 1014: ...1014 CHAPTER 61 STATIC ROUTING CONFIGURATION...
Страница 1048: ...1048 CHAPTER 63 IPV6 IS IS CONFIGURATION...
Страница 1068: ...1068 CHAPTER 64 IPV6 OSPFV3 CONFIGURATION...
Страница 1080: ...1080 CHAPTER 65 IPV6 RIPNG CONFIGURATION...
Страница 1114: ...1114 CHAPTER 68 MULTICAST ROUTING AND FORWARDING CONFIGURATION...
Страница 1160: ...1160 CHAPTER 70 MSDP CONFIGURATION...
Страница 1234: ...1234 CHAPTER 73 MLD CONFIGURATION...
Страница 1278: ...1278 CHAPTER 74 IPV6 PIM CONFIGURATION...
Страница 1310: ...1310 CHAPTER 75 MULTICAST VPN CONFIGURATION...
Страница 1344: ...1344 CHAPTER 76 MPLS BASICS CONFIGURATION...
Страница 1458: ...1458 CHAPTER 78 MPLS L2VPN CONFIGURATION...
Страница 1555: ...MPLS L3VPN Configuration Example 1555 5 packet s received 0 00 packet loss round trip min avg max 66 79 109 ms...
Страница 1556: ...1556 CHAPTER 79 MPLS L3VPN CONFIGURATION...
Страница 1588: ...1588 CHAPTER 80 DVPN CONFIGURATION...
Страница 1648: ...1648 CHAPTER 85 QOS POLICY CONFIGURATION...
Страница 1696: ...1696 CHAPTER 89 MPLS QOS CONFIGURATION...
Страница 1708: ...1708 CHAPTER 90 DAR CONFIGURATION...
Страница 1728: ...1728 CHAPTER 91 FRAME RELAY QOS CONFIGURATION...
Страница 1750: ...1750 CHAPTER 92 802 1X CONFIGURATION...
Страница 1788: ...1788 CHAPTER 93 AAA RADIUS HWTACACS CONFIGURATION...
Страница 1810: ...1810 CHAPTER 95 MAC AUTHENTICATION CONFIGURATION...
Страница 1850: ...1850 CHAPTER 97 PKI CONFIGURATION...
Страница 1872: ...1872 CHAPTER 98 PORTAL CONFIGURATION...
Страница 1970: ...1970 CHAPTER 106 BACKUP CENTER CONFIGURATION...
Страница 2048: ...2048 CHAPTER 110 NETSTREAM CONFIGURATION...
Страница 2084: ...2084 CHAPTER 112 RMON CONFIGURATION...
Страница 2094: ...2094 CHAPTER 113 SNMP CONFIGURATION...
Страница 2114: ...2114 CHAPTER 115 FTP CONFIGURATION...
Страница 2123: ...System Maintaining Example 2123 The above output shows that nine routers are involved from the source to the destination device...
Страница 2124: ...2124 CHAPTER 117 SYSTEM MAINTAINING AND DEBUGGING...
Страница 2154: ...2154 CHAPTER 119 INFORMATION CENTER CONFIGURATION...
Страница 2170: ...2170 CHAPTER 121 MAC ADDRESS TABLE MANAGEMENT CONFIGURATION...
Страница 2186: ...2186 CHAPTER 123 POE CONFIGURATION...
Страница 2198: ...2198 CHAPTER 125 ACFP CONFIGURATION...
Страница 2206: ...2206 CHAPTER 126 ACSEI CONFIGURATION...
Страница 2216: ...2216 CHAPTER 127 TRACK CONFIGURATION...
Страница 2232: ...2232 CHAPTER 128 IPX CONFIGURATION...
Страница 2242: ...2242 CHAPTER 129 VOICE OVERVIEW...
Страница 2244: ...2244 CHAPTER 130 VOIP OVERVIEW...
Страница 2288: ...2288 CHAPTER 132 VOICE ENTITY CONFIGURATION...
Страница 2342: ...2342 CHAPTER 134 E1 AND T1 CONFIGURATION...
Страница 2354: ...2354 CHAPTER 135 FAX OVER IP CONFIGURATION...
Страница 2366: ...2366 CHAPTER 136 H 323 CONFIGURATION...
Страница 2384: ...2384 CHAPTER 137 SIP OVERVIEW...