1. ACLI Reference Guide
  2. ACLI Configuration Elements A-M
  3. ike-interface

ike-interface

The ike-interface configuration element enables creation of multiple IKE-enabled interfaces.

Syntax

address
Enter the IPv4 address of a specified IKEv1 interface.
  • Default: none
  • Values: Any valid IPv4 address
realm-id
Enter the name of the realm that contains the IP address assigned to this IKEv1 interface.
  • Default: none
  • Values: Name of an existing realm configuration element.
ike-mode
Select the IKE operational mode.
  • Default: responder
  • Values: initiator | responder
local-address-pool
Select a list local address pool from a list of configured local-address-pools.
dpd-params-name
Enter the specific set of DPD operational parameters assigned to this IKEv1 interface (relevant only if the Dead Peer Detection (DPD) Protocol is enabled).
  • Default: None
  • Values: Name of an existing dpd-params configuration element.
v2-ike-life-secs
Enter the default IKEv2 SA lifetime in seconds
  • Default: 86400 (24hours)
  • Values: Min: 1 / Max: 4294967295 (seconds)

Note:

The global default can be over-ridden at the IKEv2 interface level.
v2-ipsec-life-secs
Enter the default IPsec SA lifetime in seconds.
  • Default: 28800 (8 hours)
  • Values: Min:1 / Max: 2 thirty two -1 (seconds)

Note:

This global default can be over-ridden at the IKEv2 interface level.
shared-password
Enter the interface-specific PSK used during IKE SA authentication. This IKEv1-specific value over-rides the global default value set at the IKE configuration level.
  • Default: none
  • Values: a string of ACSII printable characters no longer than 255 characters (not displayed by the ACLI).
eap-protocol
Enter the EAP protocol used with IKEv2.
  • Default: eap-radius-pssthru
  • Values: eap-radius-pssthru

Note:

The current software performs EAP operations by a designated RADIUS server or server group; retain the default value.
addr-method
  • Values: radius-only-Use the radius server for the local address | radius-local -Use the radius server first and then try the local address pool | local -Use the local address pool to assign the local address
sd-authentication-method
Enter the allowed Oracle Communications Session Border Controller authentication methods
  • Default: none
  • Values: none-Use the authentication method defined in ike-config for this interface | shared-password - Endpoints authenticate the Oracle Communications Session Border Controller using a shared password | certificate-Endpoints authenticate the Oracle Communications Session Border Controller using a certificate
certificate-profile-id-list
Select an IKE certificate profile from a list of configured ike-certificate-profiles.

Path

ike-interface is a subelement under the ike element. The full path from the topmost ACLI prompt is: configure terminal, and then security, and then ike, and then ike-interface.

Note:

This is a multiple instance configuration element.