HP 6125XLG R2306-HP 6125XLG Blade Switch Security Command Reference - Page 293
encryption-algorithm, Parameters, Usage guidelines, Examples, Related commands, Syntax, Default
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 293 highlights
Parameters interval interval-seconds: Specifies a period of time in seconds. The value range is from 1 to 300. • If the on-demand keyword is specified, this parameter specifies the number of seconds during which no IPsec packet is received before DPD is triggered if the local has IPsec traffic to send. • If the periodic keyword is specified, this parameter specifies a DPD triggering interval. retry seconds: Specifies the number of seconds between DPD retries if the DPD message fails. The value for the second argument is from 1 to 60 seconds, and defaults to 5 seconds. on-demand: Sends DPD messages on demand. periodic: Sends DPD messages at regular intervals. Usage guidelines DPD is triggered periodically or on-demand. The on-demand mode is recommended when the device communicates with a large number of IKE peers. For an earlier detection of dead peers, use the periodic triggering mode, which consumes more bandwidth and CPU. When DPD settings are configured in both IKE profile view and system view, the DPD settings in IKE profile view apply. If DPD is not configured in IKE profile view, the DPD settings in system view apply. It is a good practice to set the triggering interval longer than the retry interval so that a DPD detection are not triggered during a DPD retry. Examples # Configure DPD to be triggered every 10 seconds and every 5 seconds between retries if the peer does not respond. system-view [Sysname] ike profile 1 [Sysname-ike-profile-1] dpd interval 10 retry 5 on-demand Related commands ike dpd encryption-algorithm Use encryption-algorithm to specify an encryption algorithm for an IKE proposal. Use undo encryption-algorithm to restore the default. Syntax In non-FIPS mode: encryption-algorithm { 3des-cbc | aes-cbc-128 | aes-cbc-192 | aes-cbc-256 | des-cbc } undo encryption-algorithm In FIPS mode: encryption-algorithm { aes-cbc-128 | aes-cbc-192 | aes-cbc-256 } undo encryption-algorithm Default In non-FIPS mode, an IKE proposal uses the 56-bit DES encryption algorithm in CBC mode. In FIPS mode, an IKE proposal uses the 128-bit AES encryption algorithm in CBC mode. 284