Cisco Cisco Packet Data Gateway (PDG)

ikev2-ikesa

Configures parameters for the IKEv2 IKE Security Associations within this crypto template.

Product

All IPSec-related services

Privilege

Security Administrator

Command Modes

Exec > Global Configuration > Context Configuration > Crypto Template Configuration

configure > context context_name > crypto template template_name ikev2-dynamic

Entering the above command sequence results in the following prompt:

[

context_name

]

host_name

(crf-crypto-tmp1-ikev2-tunnel)#

Syntax Description

ikev2-ikesa { allow-empty-ikesa | cert-sign { pkcs1.5 | pkcs2.0 } | ignore-notify-protocol-id |
ignore-rekeying-requests | keepalive-user-activity | max-retransmissions number | policy {
congestion-rejection { notify-status-value value } | error-notification [ invalid-major-version ] [
invalid-message-id [ invalid-major-version | invalid-syntax ] ] | invalid-syntax [ invalid-major-version
] | use-rfc5996-notification } | rekey [ disallow-param-change ] | retransmission-timeout msec |
setup-timer sec | transform-set list name1 name2 name3 name4 name5 name6 }

default ikev2-ikesa { allow-empty-ikesa | cert-sign | ignore-notify-protocol-id | ignore-rekeying-requests

disallow-param-change ] | retransmission-timeout | setup-timer }

no ikev2-ikesa { allow-empty-ikesa | auth-method-set | ignore-notify-protocol-id | ignore-rekeying-requests

| | keepalive-user-activity | list name | mobike | policy error-notification | rekey }

default

Restores the configuration to its default value.

Disables a previously enabled parameter.

allow-empty-ikesa

Default is not to allow-empty-ikesa. Activate to have the IKEv2 stack keep the IKE SA when all the Child
SAs have been deleted.

Command Line Interface Reference, Modes C - D, StarOS Release 19

1248

Crypto Template Configuration Mode Commands

ikev2-ikesa