Configuring the IKE keepalive feature

About the IKE keepalive feature

IKE sends keepalive packets to query the liveness of the peer. If the peer is configured with the keepalive timeout time, you must configure the keepalive interval on the local device. If the peer receives no keepalive packets during the timeout time, the IKE SA is deleted along with the IPsec SAs it negotiated.

Restrictions and guidelines

Configure IKE DPD instead of IKE keepalive unless IKE DPD is not supported on the peer. The IKE keepalive feature sends keepalives at regular intervals, which consumes network bandwidth and resources.

The keepalive timeout time configured on the local device must be longer than the keepalive interval configured at the peer. Because a network seldom loses more than three consecutive packets, you can set the keepalive timeout to three times the keepalive interval.

Procedure

  1. Enter system view.

    system-view

  2. Set the IKE SA keepalive interval.

    ike keepalive interval interval

    By default, no keepalives are sent to the peer.

  3. Set the IKE SA keepalive timeout time.

    ike keepalive timeout seconds

    By default, IKE SA keepalive never times out.
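The following audit script is an added example, not part of the original document or vendor tooling. It checks the interval and timeout rules above across both peers of one IKE peering. It assumes the saved configuration contains the two commands in the form shown in the procedure; the device names and values are constructed.

```python
import re

# Assumption: the saved configuration lists the commands as typed in the procedure.
_CMD = re.compile(r"^\s*ike keepalive (interval|timeout) (\d+)\s*$", re.MULTILINE)


def keepalive_settings(config_text):
    """Return {'interval': int|None, 'timeout': int|None} from a device configuration."""
    settings = {"interval": None, "timeout": None}
    for name, value in _CMD.findall(config_text):
        settings[name] = int(value)  # a later line overrides an earlier one
    return settings


def check_direction(sender_name, sender, receiver_name, receiver):
    """Check keepalives sent by `sender` against the timeout set on `receiver`."""
    interval, timeout = sender["interval"], receiver["timeout"]
    if timeout is None:
        return []  # default: the IKE SA keepalive never times out on the receiver
    if interval is None:
        return [f"ERROR: {receiver_name} has timeout {timeout}s but {sender_name} sends no "
                f"keepalives; the IKE SA and its IPsec SAs will be deleted"]
    if timeout <= interval:
        return [f"ERROR: {receiver_name} timeout {timeout}s is not longer than "
                f"{sender_name} interval {interval}s"]
    if timeout < 3 * interval:
        return [f"WARN: {receiver_name} timeout {timeout}s is under three times "
                f"{sender_name} interval {interval}s"]
    return []


def audit_pair(name_a, config_a, name_b, config_b):
    """Audit both directions of one IKE peering and return a list of findings."""
    a, b = keepalive_settings(config_a), keepalive_settings(config_b)
    return (check_direction(name_a, a, name_b, b)
            + check_direction(name_b, b, name_a, a))


# Constructed sample configurations (device names and values are illustrative).
DEVICE_A = "ike keepalive interval 20\nike keepalive timeout 60\n"
DEVICE_B = "ike keepalive interval 30\nike keepalive timeout 20\n"

if __name__ == "__main__":
    for finding in audit_pair("DeviceA", DEVICE_A, "DeviceB", DEVICE_B):
        print(finding)
```

With the sample values, DeviceB's timeout equals DeviceA's interval and is reported as an error, while DeviceA's timeout is longer than DeviceB's interval but under the threefold guideline and is reported as a warning.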