Cisco ASR 5000
Command Line Interface Reference, StarOS Release 18
Crypto Template Configuration Mode Commands

ikev2-ikesa 
Configures parameters for the IKEv2 IKE Security Associations within this crypto template. 
Product
All IPSec-related services

Privilege
Security Administrator

Syntax
ikev2-ikesa { allow-empty-ikesa | cert-sign { pkcs1.5 | pkcs2.0 } | ignore-notify-protocol-id | ignore-rekeying-requests | keepalive-user-activity | max-retransmissions number | policy { congestion-rejection [ notify-status-value value ] | error-notification [ invalid-major-version ] [ invalid-message-id [ invalid-major-version | invalid-syntax ] ] | invalid-syntax [ invalid-major-version ] | use-rfc5996-notification } | rekey [ disallow-param-change ] | retransmission-timeout msec | setup-timer sec | transform-set list name1 name2 name3 name4 name5 name6 }

default ikev2-ikesa { allow-empty-ikesa | cert-sign | ignore-notify-protocol-id | ignore-rekeying-requests | keepalive-user-activity | max-retransmissions | mobike | policy error-notification | rekey [ disallow-param-change ] | retransmission-timeout | setup-timer }

no ikev2-ikesa { allow-empty-ikesa | ignore-notify-protocol-id | ignore-rekeying-requests | keepalive-user-activity | list name | mobike | policy error-notification | rekey }

no ikev2-ikesa
 
Disables a previously enabled parameter. 
allow-empty-ikesa
 
Disabled by default. When enabled, the IKEv2 stack keeps the IKE SA after all of its Child SAs have been deleted.
cert-sign { pkcs1.5 | pkcs2.0 }
 
Specifies the certificate signing method to be used. Default: pkcs1.5
pkcs1.5: Use the Public-Key Cryptography Standards (PKCS) version 1.5, RSA Encryption Standard.
pkcs2.0: Use the PKCS version 2.0, RSA Encryption Standard.
ignore-notify-protocol-id
 
Ignores IKEv2 Informational Exchange Notify Payload Protocol-ID values for strict RFC 4306 compliance. 
ignore-rekeying-requests
 
Ignores received IKE_SA Rekeying Requests. 
keepalive-user-activity
 
Disabled by default. When enabled, the user inactivity timer is reset whenever keepalive messages are received from the peer.
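
For a configuration review, the following added example (not part of the Cisco reference) resolves which of the flags described above are in effect once the plain, no and default forms have been applied in order. The function name effective_ikesa and the sample lines are constructed for illustration, and treating the two ignore-* flags as off by default is an assumption, since this page does not state their defaults.

```python
# Added example. Defaults for allow-empty-ikesa, cert-sign and keepalive-user-activity
# come from this page; "off" for the two ignore-* flags is an assumption.
DEFAULTS = {
    "allow-empty-ikesa": False,
    "cert-sign": "pkcs1.5",
    "ignore-notify-protocol-id": False,  # assumption
    "ignore-rekeying-requests": False,   # assumption
    "keepalive-user-activity": False,
}

def effective_ikesa(lines):
    """Apply lines in order (last one wins); return (settings, problems)."""
    settings, problems = dict(DEFAULTS), []
    for n, raw in enumerate(lines, 1):
        tok = raw.split()
        prefix = tok.pop(0) if tok and tok[0] in ("no", "default") else None
        if len(tok) < 2 or tok[0] != "ikev2-ikesa" or tok[1] not in DEFAULTS:
            continue  # other commands and keywords (policy, rekey, ...) are skipped
        key, args = tok[1], tok[2:]
        if prefix == "default":
            settings[key] = DEFAULTS[key]
        elif key == "cert-sign":
            if prefix == "no":  # the syntax above lists no "no" form for cert-sign
                problems.append(f"line {n}: 'no' form not defined for cert-sign")
            elif args in (["pkcs1.5"], ["pkcs2.0"]):
                settings[key] = args[0]
            else:
                problems.append(f"line {n}: cert-sign expects pkcs1.5 or pkcs2.0")
        else:
            settings[key] = prefix != "no"  # bare keyword enables, "no" disables
    return settings, problems

# Constructed sample: body lines of a crypto template, not taken from a real device.
SAMPLE = """\
ikev2-ikesa allow-empty-ikesa
ikev2-ikesa cert-sign pkcs2.0
ikev2-ikesa ignore-rekeying-requests
ikev2-ikesa keepalive-user-activity
no ikev2-ikesa ignore-rekeying-requests
default ikev2-ikesa cert-sign
no ikev2-ikesa cert-sign
ikev2-ikesa cert-sign pkcs3
""".splitlines()

if __name__ == "__main__":
    settings, problems = effective_ikesa(SAMPLE)
    for key, value in settings.items():
        print(f"{key:28} {value}")
    print(*problems, sep="\n")
```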