Setting keepalive timers
IKE maintains the link status of an ISAKMP SA using keepalive packets. Generally, if the peer is configured with a keepalive timeout, you must configure the keepalive packet transmission interval on the local end. If the peer receives no keepalive packet during the timeout interval, the ISAKMP SA is tagged with the TIMEOUT tag (if it does not already have the tag), or is deleted along with the IPsec SAs it negotiated (if it already has the tag).
To set the keepalive timers:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the ISAKMP SA keepalive interval. | ike sa keepalive-timer interval seconds | No keepalive packet is sent by default. |
3. Set the ISAKMP SA keepalive timeout. | ike sa keepalive-timer timeout seconds | No keepalive packet is sent by default. |

NOTE: The keepalive timeout configured at the local end must be longer than the keepalive interval configured at the remote end. Because a network seldom loses more than three consecutive packets, the keepalive timeout can be set to three times the keepalive interval.
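
One way to audit a pair of peers against the rules above, as an added example that is not part of the original documentation. The function names and the two sample command lists are constructed for illustration, and the 3x check applies the NOTE's suggestion as an advisory threshold.

```python
import re

# Matches the two commands documented on this page.
_TIMER = re.compile(r"^\s*ike sa keepalive-timer (interval|timeout) (\d+)\s*$", re.M)

def parse_timers(config_text):
    """Return {'interval': int|None, 'timeout': int|None} for one device."""
    timers = {"interval": None, "timeout": None}
    for kind, seconds in _TIMER.findall(config_text):
        timers[kind] = int(seconds)  # last occurrence wins
    return timers

def check_direction(sender, receiver, sender_name, receiver_name):
    """Check keepalives flowing sender -> receiver against the page's rules."""
    interval, timeout = sender["interval"], receiver["timeout"]
    if timeout is None:
        return []  # receiver does not monitor this direction
    if interval is None:
        return [f"{receiver_name} has timeout {timeout}s but {sender_name} sends no keepalives"]
    if timeout <= interval:
        return [f"{receiver_name} timeout {timeout}s is not longer than {sender_name} interval {interval}s"]
    if timeout < 3 * interval:
        return [f"{receiver_name} timeout {timeout}s is under 3x {sender_name} interval {interval}s"]
    return []

def audit_pair(config_a, config_b, name_a="A", name_b="B"):
    """Cross-check both directions between two peers; return a list of findings."""
    a, b = parse_timers(config_a), parse_timers(config_b)
    return (check_direction(a, b, name_a, name_b)
            + check_direction(b, a, name_b, name_a))

# Constructed sample command lists (hypothetical devices, not from the page).
DEVICE_A = """
system-view
ike sa keepalive-timer interval 20
ike sa keepalive-timer timeout 60
"""
DEVICE_B = """
system-view
ike sa keepalive-timer interval 40
ike sa keepalive-timer timeout 15
"""

if __name__ == "__main__":
    for finding in audit_pair(DEVICE_A, DEVICE_B):
        print(finding)
```

A timeout that is not longer than the remote interval means the SA can be tagged TIMEOUT, and then deleted, while the peer is still alive.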