Reference Guide (Supporting software release 5.5.0.0 and later) Owner manual

ManualsBrandsBrocade ManualsComputer AccessoriesMobility RFS Controller CLI

591

592

593

594

595

596

597

598

599

600

Brocade Mobility RFS Controller CLI Reference Guide 585

53-1003098-01

crypto ikev1 [dpd-keepalive <10-3600>|dpd-retries <1-100>|nat-keepalive

<10-3600>|

peer <IKEV1-PEER>|policy <IKEV1-POLICY-NAME>|remote-vpn]

crypto ikev2 [cookie-challenge-threshold <1-100>|dpd-keepalive <10-3600>|

dpd-retries <1-100>|nat-keepalive <10-3600>|peer <IKEV2-PEER>|

policy <IKEV2-POLICY-NAME>|remote-vpn]

crypto ipsec df-bit [clear|copy|set]

crypto ipsec security-association lifetime [kilobytes <500-2147483646>|

seconds <120-86400>]

ikev1 Configures the IKEv1 parameters

dpd-keepalive

<10-3600>

Sets the global Dead Peer Detection (DPD) interval from 10 - 3600 seconds

dpd-retries <1-1000> Sets the global DPD retries count from 1- 1000

nat-keepalive

<10-3600>

Sets the global NAT keepalive interval from 10 - 3600 seconds

peer <IKEV1-PEER> Specify the Name/Identifier for the IKEv1 peer. For IKEV1 peer configuration commands, see

crypto-ikev1/ikev2-peer commands.

policy

<IKEV1-POLICY-NAME>

Configures an ISKAMP policy. Specify the name of the policy.

The local IKE policy and the peer IKE policy must have matching group settings for successful

negotiations.

For IKEV1 policy configuration commands, see crypto-ikev1/ikev2-policy commands.

remote-vpn Specifies the IKEV1 remote-VPN server configuration (responder only)

ikev2 Configures the IKEv2 parameters

cookie-challenge-threshold

<1-100>

Starts cookie challenge after half open IKE SAs exceeds the specified limit. Sets the limit from

1 - 100

dpd-keepalive

<10-3600>

Sets the global DPD interval from 10 - 3600 seconds

dpd-retries <1-100> Sets the global DPD retries count from 1 - 100

nat-keepalive

<10-3600>

Sets the global NAT keepalive interval from 10 - 3600 seconds

peer <IKEV2-PEER> Specify the Name/Identifier for the IKEv2 peer

policy

<IKEV2-POLICY-NAME>

Configures an ISKAMP policy. Specify the policy name.

The local IKE policy and the peer IKE policy must have matching group settings for successful

negotiations.

remote-vpn Specifies an IKEV2 remote-VPN server configuration (responder only)

ipsec Configures the Internet Protocol Security (IPSec) policy parameters

df-bit [clear|copy|set] Configures DF bit handling for encapsulating header. The options are:

• clear – Clears the DF bit in the outer header and ignores in the inner header

• copy – Copies the DF bit from the inner header to the outer header

• set – Sets the DF bit in the outer header

ipsec Configures the IPSec policy parameters