Cisco Cisco Packet Data Gateway (PDG)
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
ikev2-ikesa
Configures parameters for the IKEv2 IKE Security Associations within this crypto template.
Product
All IPSec-related services
Privilege
Security Administrator
Command Modes
Exec > Global Configuration > Context Configuration > Crypto Template Configuration
configure > context context_name > crypto template template_name ikev2-dynamic
Entering the above command sequence results in the following prompt:
[
context_name
]
host_name
(crf-crypto-tmp1-ikev2-tunnel)#
Syntax Description
ikev2-ikesa { allow-empty-ikesa | cert-sign { pkcs1.5 | pkcs2.0 } | ignore-notify-protocol-id |
ignore-rekeying-requests | keepalive-user-activity | max-retransmissions number | policy {
congestion-rejection { notify-status-value value } | error-notification [ invalid-major-version ] [
invalid-message-id [ invalid-major-version | invalid-syntax ] ] | invalid-syntax [ invalid-major-version
] | use-rfc5996-notification } | rekey [ disallow-param-change ] | retransmission-timeout msec |
setup-timer sec | transform-set list name1 name2 name3 name4 name5 name6 }
ignore-rekeying-requests | keepalive-user-activity | max-retransmissions number | policy {
congestion-rejection { notify-status-value value } | error-notification [ invalid-major-version ] [
invalid-message-id [ invalid-major-version | invalid-syntax ] ] | invalid-syntax [ invalid-major-version
] | use-rfc5996-notification } | rekey [ disallow-param-change ] | retransmission-timeout msec |
setup-timer sec | transform-set list name1 name2 name3 name4 name5 name6 }
default ikev2-ikesa { allow-empty-ikesa | cert-sign | ignore-notify-protocol-id | ignore-rekeying-requests
| keepalive-user-activity | max-retransmissions | mobike | policy error-notification | rekey [
disallow-param-change ] | retransmission-timeout | setup-timer }
no ikev2-ikesa { allow-empty-ikesa | auth-method-set | ignore-notify-protocol-id | ignore-rekeying-requests
| | keepalive-user-activity | list name | mobike | policy error-notification | rekey }
default
Restores the configuration to its default value.
no
Disables a previously enabled parameter.
allow-empty-ikesa
Default is not to allow-empty-ikesa. Activate to have the IKEv2 stack keep the IKE SA when all the Child
SAs have been deleted.
SAs have been deleted.
Command Line Interface Reference, Modes C - D, StarOS Release 19
1248
Crypto Template Configuration Mode Commands
ikev2-ikesa