
3-30 Command Line Interface Commands Reference
IKE/IPSec Connection Profile Commands
cp { name index } ipsec ip [remote
[members {a.b.c.d a.b.c.d/n a.b.c.d e.f.g.h
[local
[members {a.b.c.d a.b.c.d/n a.b.c.d e.f.g.h
[via a.b.c.d]
show cp { name index } ipsec ip
cp { name index } ipsec sa lifetime { seconds kbytes } {
no cp { name index } ipsec sa lifetime [ { seconds kbytes } ]
cp { name index } ipsec
no cp { name index } ipsec
These commands set, display, or disable the status of dead peer detection for the specified IPsec Phase 2 profile. Dead peer detection counts the outbound packets on a tunnel. If 256 packets go out without a single packet coming in, the tunnel SAs are expired and a rekey is started. Rekeying is first attempted on the previous Phase 1 SA. If the Phase 1 request times out, the Phase 1 SA is expired and Phase 1 rekeying starts over.
cp { name index } ipsec
Note: These commands are supported beginning with firmware version 8.2.
These commands allow you to specify or show which IP destination host address is used to verify whether or not the peer is dead. The IP address must belong to the tunnel’s remote network (which can be configured as a subnet, an address range, or an individual host in the IP options menu). When the remote network is a subnet, the host part of the address must also not be all ones or all zeroes. For example, it is not permitted to set the address to 163.176.0.0 or 163.176.255.255 in a class B network.
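The address rules above can be checked before a value is entered on the device. The following Python sketch is an added example, not part of the original reference or the product's code; the function name and the notation accepted for the remote network (a.b.c.d, a.b.c.d/n, or two addresses separated by a space or hyphen) are assumptions.

```python
import ipaddress

def dpd_ping_address_ok(addr, remote_members):
    """Check a dead-peer-detection ping address against the tunnel's
    remote network. Returns (ok, reason).

    remote_members (assumed notation, not taken from the manual):
      "a.b.c.d"            individual host
      "a.b.c.d/n"          subnet
      "a.b.c.d e.f.g.h"    address range (space or hyphen separated)
    """
    ip = ipaddress.IPv4Address(addr)
    parts = remote_members.replace("-", " ").split()

    if len(parts) == 2:  # address range
        lo, hi = (ipaddress.IPv4Address(p) for p in parts)
        if lo > hi:
            raise ValueError("range start is above range end")
        if lo <= ip <= hi:
            return True, "inside remote range"
        return False, "outside remote range"

    if len(parts) == 1 and "/" in parts[0]:  # subnet
        net = ipaddress.IPv4Network(parts[0], strict=False)
        if ip not in net:
            return False, "outside remote subnet"
        # Assumption: /31 and /32 have no reserved host addresses,
        # so the all-zeroes / all-ones rule is applied only below /31.
        if net.prefixlen < 31:
            if ip == net.network_address:
                return False, "host part is all zeroes"
            if ip == net.broadcast_address:
                return False, "host part is all ones"
        return True, "inside remote subnet"

    if len(parts) == 1:  # individual host
        if ip == ipaddress.IPv4Address(parts[0]):
            return True, "matches remote host"
        return False, "does not match remote host"

    raise ValueError("unrecognized remote network notation")

if __name__ == "__main__":
    # Constructed sample values; the /16 cases mirror the class B example.
    for candidate in ("163.176.0.0", "163.176.255.255", "163.176.10.1"):
        print(candidate, dpd_ping_address_ok(candidate, "163.176.0.0/16"))
```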
cp { name index } ipsec
Note: These commands are supported beginning with firmware version 8.2.
These commands allow you to specify or show the retry interval between successive pings (in seconds). The default is 5 seconds.