Cisco Cisco Tunnel Terminating Gateway (TTG)
Crypto Map IKEv2-IPv6 Configuration Mode Commands
ikev2-ikesa ▀
Command Line Interface Reference, StarOS Release 17 ▄
2925
allow-empty-ikesa
Default is not to allow-empty-ikesa. Activate to have the IKEv2 stack keep the IKE SA when all the Child
SAs have been deleted.
SAs have been deleted.
max-retransmissions
number
Specifies the maximum number of retransmissions of an IKEv2 IKE exchange request if a response has not
been received.
been received.
number
must be an integer from 1 to 8.
Default: 5
policy { error-notification | use-rfc5996-notification }
Notifies error policy.
error-notification
: Error Notify Messages will be sent to MS for Invalid IKEv2 Exchange Message ID
and Invalid IKEv2 Exchange Syntax for the IKE_SA_INIT Exchange.
use-rfc5996-notification
: Enables sending and receive processing for RFC 5996 notifications -
TEMPORARY_FAILURE and CHILD_SA_NOT_FOUND.
rekey
[ disallow=param-change ]
Specifies if IKESA rekeying should occur before the configured lifetime expires (at approximately 90% of
the lifetime interval).
Default is not to re-key.
The disallow-param-change option prevents changes in negotiation parameters during rekey.
the lifetime interval).
Default is not to re-key.
The disallow-param-change option prevents changes in negotiation parameters during rekey.
retransmission-timeout
msec
Specifies the timeout period in milliseconds before a retransmission of an IKEv2 IKE exchange request is
sent (if the corresponding response has not been received).
sent (if the corresponding response has not been received).
msec
must be an integer from 300 to 15000.
Default: 500
setup-timer sec
Specifies the number of seconds before an IKEv2 IKE Security Association that is not fully established is
terminated.
terminated.
sec
must be an integer from 16 to 3600.
Default: 60
transform-set list name
A space-separated list of context-level configured IKEv2 IKE Security Association transform sets to be used
for deriving IKEv2 IKE Security Associations from this crypto map.
for deriving IKEv2 IKE Security Associations from this crypto map.
name
must be an existing IKEv2 IKESA Transform Set expressed as an alphanumeric string of 1 through
127 characters. A minimum of one transform set is required; maximum configurable is six.
Usage
Use this command to configure parameters for the IKEv2 IKE Security Associations within this crypto map.
Example
The following command configures the maximum number of IKEv2 IKESA request retransmissions to
7
:
ikev2-ikesa max-retransmissions 7