Configuring IPSec Network Security
Configuring the Keepalive Time for a Peer
To configure the keepalive time for each peer, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto ike domain ipsec
switch(config-ike-ipsec)#
Allows IPsec domains to be configured in this switch.
Step 3
switch(config-ike-ipsec)# keepalive 60000
Configures the keepalive time for all peers to be 60,000 seconds.
Step 4
switch(config-ike-ipsec)# no keepalive 60000
(Optional) Deletes the configured keepalive time and defaults to 3,600 seconds.
Configuring the Initiator Version
To configure the initiator version using IPv4, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters configuration mode.
Step 2
switch(config)# crypto ike domain ipsec
switch(config-ike-ipsec)#
Allows IPsec domains to be configured in this switch.
Step 3
switch(config-ike-ipsec)# initiator version 1 address 10.10.10.1
Configures the switch to use IKEv1 when initiating IKE with device 10.10.10.0
Note
Step 4
switch(config-ike-ipsec)# no initiator version 1 address 10.10.10.1
(Optional) Defaults to IKEv2 for the specified device.
IKE supports IPv4 addresses, not IPv6 addresses.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Configuring the Keepalive Time for a Peer
183