[x]

IKE commands > ike keepalive timeout

 

 Next

ike keepalive timeout

Use ike keepalive timeout to set the IKE keepalive timeout time.

Use undo ike keepalive timeout to restore the default.

Syntax

ike keepalive timeout seconds

undo ike keepalive timeout

Default

The IKE keepalive timeout time is not set.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

seconds: Specifies the number of seconds between IKE keepalives. The value range for this argument is 20 to 28800.

Usage guidelines

If the local end receives no keepalive packets from the peer during the timeout time, the IKE SA is deleted along with the IPsec SAs it negotiated.

The keepalive timeout time configured at the local end must be longer than the keepalive interval configured at the peer. Because more than three consecutive packets are rarely lost on a network, you can set the keepalive timeout time to three times as long as the keepalive interval.

Examples

# Set the keepalive timeout time to 20 seconds.

<Sysname> system-view
[Sysname] ike keepalive timeout 20

Related commands

ike keepalive interval

prev

 

up

 next

ike keepalive interval 

home

 ike keychain

© Copyright 2018 Hewlett Packard Enterprise Development LP