Enabling the cookie challenging feature

Enable cookie challenging on responders to protect them against DoS attacks that use a large number of source IP addresses to forge IKE_SA_INIT requests.

To enable cookie challenging:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable cookie challenging.

ikev2 cookie-challenge number

By default, IKEv2 cookie challenging is disabled..